test(lifecycle): add unit tests for lifecycle utils and improve nil-checks (#2143)

Signed-off-by: kincoy <1152072645@qq.com>

.codecov.yml

@@ -0,0 +1,6 @@
+ignore:
+- "pkg/client/.*"
+- "test/fuzz/.*"
+- "test/e2e/.*"
+
+

.github/ISSUE_TEMPLATE/bug-report.md

@@ -1,7 +1,7 @@
 ---
 name: Bug Report
 about: Create a report to help us improve
-title: "[BUG]"
+title: "[BUG] YOUR_TITLE"
 labels: kind/bug
 assignees: FillZpp
 
@@ -20,7 +20,5 @@ assignees: FillZpp
 **Environment**:
 - Kruise version:
 - Kubernetes version (use `kubectl version`):
-- OS (e.g: `cat /etc/os-release`):
-- Kernel (e.g. `uname -a`):
-- Install tools:
+- Install details (e.g. helm install args):
 - Others:

.github/ISSUE_TEMPLATE/feature-request.md

@@ -1,9 +1,9 @@
 ---
 name: Feature Request
 about: Suggest an idea for this project
-title: "[feature request]"
+title: "[feature request] YOUR_TITLE"
 labels: kind/feature-request
-assignees: jian-he
+assignees: FillZpp
 
 ---
 

.github/PULL_REQUEST_TEMPLATE.md

@@ -8,13 +8,8 @@ https://github.com/openkruise/kruise/blob/master/CONTRIBUTING.md -->
 ### Ⅱ. Does this pull request fix one issue?
 <!--If so, add "fixes #xxxx" below in the next line, for example, fixes #15. Otherwise, add "NONE" -->
 
-
-### Ⅲ. List the added test cases (unit test/integration test) if any, please explain if no tests are needed.
+### Ⅲ. Describe how to verify it
 
 
-### Ⅳ. Describe how to verify it
-
-
-### Ⅴ. Special notes for reviews
-
+### Ⅳ. Special notes for reviews
 

.github/dependabot.yaml

@@ -0,0 +1,17 @@
+# This YAML configuration file is used to enable Dependabot for automated dependency management.
+# Dependabot helps keep the project's dependencies up-to-date by automatically creating pull requests
+# for outdated dependencies based on the version constraints defined in your project.
+# For more information and customization options, please refer to the Dependabot documentation:
+# Documentation: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically
+# Configuration options: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+  directory: "/"
+  # Allow up to 10 open pull requests for update github-actions
+  # 5 by default
+  # see https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit
+  open-pull-requests-limit: 10
+  schedule:
+    # Check for updates to GitHub Actions every week
+    interval: "weekly"

.github/workflows/ci.yaml

@@ -5,13 +5,16 @@ on:
     branches:
       - master
       - release-*
-  pull_request: {}
-  workflow_dispatch: {}
+  pull_request: { }
+  workflow_dispatch: { }
+
+# Declare default permissions as read only.
+permissions: read-all
 
 env:
   # Common versions
-  GO_VERSION: '1.16'
-  GOLANGCI_VERSION: 'v1.42'
+  GO_VERSION: '1.23'
+  GOLANGCI_VERSION: 'v2.1'
   DOCKER_BUILDX_VERSION: 'v0.4.2'
 
   # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run
@@ -21,20 +24,32 @@ env:
   AWS_USR: ${{ secrets.AWS_USR }}
 
 jobs:
+  typos-check:
+    name: Spell Check with Typos
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout Actions Repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Check spelling with custom config file
+        uses: crate-ci/typos@a67079b4ae32e18c3f53d75368c52ce53b5fb56b # v1.35.4
+        with:
+          config: ./typos.toml
 
   golangci-lint:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-24.04
+    permissions:
+      security-events: write
     steps:
-      - name: Checkout
-        uses: actions/checkout@v2
+      - name: Checkout Code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           submodules: true
       - name: Setup Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
         with:
           go-version: ${{ env.GO_VERSION }}
       - name: Cache Go Dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@@ -43,25 +58,39 @@ jobs:
         run: |
           make generate
       - name: Lint golang code
-        uses: golangci/golangci-lint-action@v2
+        uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
         with:
           version: ${{ env.GOLANGCI_VERSION }}
           args: --verbose
+          skip-pkg-cache: true
+          mod: readonly
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@77137e9dc3ab1b329b7c8a38c2eb7475850a14e8 # master
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
+        with:
+          sarif_file: 'trivy-results.sarif'
 
-  markdownlint-misspell-shellcheck:
-    runs-on: ubuntu-18.04
-    # this image is build from Dockerfile
-    # https://github.com/pouchcontainer/pouchlinter/blob/master/Dockerfile
-    container: pouchcontainer/pouchlinter:v0.1.2
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Run misspell
-        run: find  ./* -name  "*"  | grep -v vendor | xargs misspell -error
-      - name: Run shellcheck
-        run: find ./ -name "*.sh" | grep -v vendor | xargs shellcheck
-      - name: Lint markdown files
-        run: find  ./ -name  "*.md" | grep -v vendor | grep -v commandline |  grep -v .github |  grep -v swagger |  grep -v api |  xargs mdl -r ~MD010,~MD013,~MD022,~MD024,~MD029,~MD031,~MD032,~MD033,~MD036
+#  markdownlint-misspell-shellcheck:
+#    runs-on: ubuntu-24.04
+#    # this image is build from Dockerfile
+#    # https://github.com/pouchcontainer/pouchlinter/blob/master/Dockerfile
+#    container: pouchcontainer/pouchlinter:v0.1.2
+#    steps:
+#      - name: Checkout
+#        uses: actions/checkout@v3
+#      - name: Run misspell
+#        run: find  ./* -name  "*"  | grep -v vendor | xargs misspell -error
+#      - name: Run shellcheck
+#        run: find ./ -name "*.sh" | grep -v vendor | xargs shellcheck
+#      - name: Lint markdown files
+#        run: find  ./ -name  "*.md" | grep -v vendor | grep -v commandline |  grep -v .github |  grep -v swagger |  grep -v api |  xargs mdl -r ~MD010,~MD013,~MD014,~MD022,~MD024,~MD029,~MD031,~MD032,~MD033,~MD036
 #      - name: Check markdown links
 #        run: |
 #          set +e
@@ -76,19 +105,19 @@ jobs:
 #          bash -c "exit $code";
 
   unit-tests:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           submodules: true
       - name: Fetch History
         run: git fetch --prune --unshallow
       - name: Setup Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
         with:
           go-version: ${{ env.GO_VERSION }}
       - name: Cache Go Dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@@ -98,9 +127,42 @@ jobs:
           make test
           git status
       - name: Publish Unit Test Coverage
-        uses: codecov/codecov-action@v1
+        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
         with:
+          token: ${{ secrets.CODECOV_TOKEN }}
           flags: unittests
           file: cover.out
-      - name: Check diff
-        run: '[[ -z $(git status -s) ]] || (printf "Existing modified/untracked files.\nPlease run \"make generate manifests\" and push again.\n"; exit 1)'
+  # See: https://google.github.io/oss-fuzz/getting-started/continuous-integration/
+  Fuzzing:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    steps:
+      - name: Build Fuzzers
+        id: build
+        uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@abe2c06d0e162320403dd10e8268adbb0b8923f8 # master
+        with:
+          oss-fuzz-project-name: 'openkruise'
+          language: go
+      - name: Run Fuzzers
+        uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@abe2c06d0e162320403dd10e8268adbb0b8923f8 # master
+        with:
+          oss-fuzz-project-name: 'openkruise'
+          language: go
+          fuzz-seconds: 1200
+          output-sarif: true
+      - name: Upload Crash
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        if: failure() && steps.build.outcome == 'success'
+        with:
+          name: artifacts
+          path: ./out/artifacts
+      - name: Upload Sarif
+        if: always() && steps.build.outcome == 'success'
+        uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: cifuzz-sarif/results.sarif
+          checkout_path: cifuzz-sarif

.github/workflows/codeql.yml

@@ -0,0 +1,84 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master", "release-*"]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "master" ]
+
+
+permissions: 
+  contents: read
+
+jobs:
+  analyze:
+    name: Analyze
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners
+    # Consider using larger runners for possible analysis time improvements.
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+        # CodeQL supports [ 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' ]
+        # Use only 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+
+    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #     echo "Run, Build Application using script"
+    #     ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/docker-image.yaml

@@ -0,0 +1,28 @@
+name: Docker Image CI
+
+on:
+  workflow_dispatch:
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.HUB_KRIUSE }}
+      - name: Build the Docker image
+        run: |
+          docker buildx create --use --platform=linux/amd64,linux/arm64,linux/ppc64le --name multi-platform-builder
+          docker buildx ls
+          IMG=openkruise/kruise-manager:${{ github.ref_name }} make docker-multiarch

.github/workflows/e2e-1.16.yaml

@@ -1,310 +0,0 @@
-name: E2E-1.16
-
-on:
-  push:
-    branches:
-      - master
-      - release-*
-  pull_request: {}
-  workflow_dispatch: {}
-
-env:
-  # Common versions
-  GO_VERSION: '1.16'
-  KIND_IMAGE: 'kindest/node:v1.16.15'
-  KIND_CLUSTER_NAME: 'ci-testing'
-
-jobs:
-
-  astatefulset:
-    runs-on: ubuntu-18.04
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          submodules: true
-      - name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      - name: Setup Kind Cluster
-        uses: helm/kind-action@v1.2.0
-        with:
-          node_image: ${{ env.KIND_IMAGE }}
-          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
-          config: ./test/kind-conf.yaml
-      - name: Build image
-        run: |
-          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
-          docker build --pull --no-cache . -t $IMAGE
-          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
-      - name: Install Kruise
-        run: |
-          set -ex
-          kubectl cluster-info
-          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} ./scripts/deploy_kind.sh
-          NODES=$(kubectl get node | wc -l)
-          for ((i=1;i<10;i++));
-          do
-            set +e
-            PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-            set -e
-            if [ "$PODS" -eq "$NODES" ]; then
-              break
-            fi
-            sleep 3
-          done
-          set +e
-          PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-          kubectl get node -o yaml
-          kubectl get all -n kruise-system -o yaml
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system --previous=true
-          set -e
-          if [ "$PODS" -eq "$NODES" ]; then
-            echo "Wait for kruise-manager and kruise-daemon ready successfully"
-          else
-            echo "Timeout to wait for kruise-manager and kruise-daemon ready"
-            exit 1
-          fi
-      - name: Run E2E Tests
-        run: |
-          export KUBECONFIG=/home/runner/.kube/config
-          make ginkgo
-          ./scripts/generate_bindata.sh
-          ./bin/ginkgo -timeout 60m -v --focus='\[apps\] StatefulSet' test/e2e
-
-  pullimages-containerrecreate:
-    runs-on: ubuntu-18.04
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          submodules: true
-      - name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      - name: Setup Kind Cluster
-        uses: helm/kind-action@v1.2.0
-        with:
-          node_image: ${{ env.KIND_IMAGE }}
-          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
-          config: ./test/kind-conf.yaml
-      - name: Build image
-        run: |
-          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
-          docker build --pull --no-cache . -t $IMAGE
-          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
-      - name: Install Kruise
-        run: |
-          set -ex
-          kubectl cluster-info
-          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} ./scripts/deploy_kind.sh
-          NODES=$(kubectl get node | wc -l)
-          for ((i=1;i<10;i++));
-          do
-            set +e
-            PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-            set -e
-            if [ "$PODS" -eq "$NODES" ]; then
-              break
-            fi
-            sleep 3
-          done
-          set +e
-          PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-          kubectl get node -o yaml
-          kubectl get all -n kruise-system -o yaml
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system --previous=true
-          set -e
-          if [ "$PODS" -eq "$NODES" ]; then
-            echo "Wait for kruise-manager and kruise-daemon ready successfully"
-          else
-            echo "Timeout to wait for kruise-manager and kruise-daemon ready"
-            exit 1
-          fi
-      - name: Run E2E Tests
-        run: |
-          export KUBECONFIG=/home/runner/.kube/config
-          make ginkgo
-          ./scripts/generate_bindata.sh
-          ./bin/ginkgo -timeout 60m -v --focus='\[apps\] (PullImage|ContainerRecreateRequest)' test/e2e
-
-  advanced-daemonset:
-    runs-on: ubuntu-18.04
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          submodules: true
-      - name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      - name: Setup Kind Cluster
-        uses: helm/kind-action@v1.2.0
-        with:
-          node_image: ${{ env.KIND_IMAGE }}
-          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
-          config: ./test/kind-conf.yaml
-      - name: Build image
-        run: |
-          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
-          docker build --pull --no-cache . -t $IMAGE
-          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
-      - name: Install Kruise
-        run: |
-          set -ex
-          kubectl cluster-info
-          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} ./scripts/deploy_kind.sh
-          NODES=$(kubectl get node | wc -l)
-          for ((i=1;i<10;i++));
-          do
-            set +e
-            PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-            set -e
-            if [ "$PODS" -eq "$NODES" ]; then
-              break
-            fi
-            sleep 3
-          done
-          set +e
-          PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-          kubectl get node -o yaml
-          kubectl get all -n kruise-system -o yaml
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system --previous=true
-          set -e
-          if [ "$PODS" -eq "$NODES" ]; then
-            echo "Wait for kruise-manager and kruise-daemon ready successfully"
-          else
-            echo "Timeout to wait for kruise-manager and kruise-daemon ready"
-            exit 1
-          fi
-      - name: Run E2E Tests
-        run: |
-          export KUBECONFIG=/home/runner/.kube/config
-          make ginkgo
-          ./scripts/generate_bindata.sh
-          ./bin/ginkgo -timeout 60m -v --focus='\[apps\] DaemonSet' test/e2e
-
-  sidecarset:
-    runs-on: ubuntu-18.04
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          submodules: true
-      - name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      - name: Setup Kind Cluster
-        uses: helm/kind-action@v1.2.0
-        with:
-          node_image: ${{ env.KIND_IMAGE }}
-          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
-          config: ./test/kind-conf.yaml
-      - name: Build image
-        run: |
-          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
-          docker build --pull --no-cache . -t $IMAGE
-          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
-      - name: Install Kruise
-        run: |
-          set -ex
-          kubectl cluster-info
-          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} ./scripts/deploy_kind.sh
-          NODES=$(kubectl get node | wc -l)
-          for ((i=1;i<10;i++));
-          do
-            set +e
-            PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-            set -e
-            if [ "$PODS" -eq "$NODES" ]; then
-              break
-            fi
-            sleep 3
-          done
-          set +e
-          PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-          kubectl get node -o yaml
-          kubectl get all -n kruise-system -o yaml
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system --previous=true
-          set -e
-          if [ "$PODS" -eq "$NODES" ]; then
-            echo "Wait for kruise-manager and kruise-daemon ready successfully"
-          else
-            echo "Timeout to wait for kruise-manager and kruise-daemon ready"
-            exit 1
-          fi
-      - name: Run E2E Tests
-        run: |
-          export KUBECONFIG=/home/runner/.kube/config
-          make ginkgo
-          ./scripts/generate_bindata.sh
-          ./bin/ginkgo -timeout 60m -v --focus='\[apps\] SidecarSet' test/e2e
-
-  other:
-    runs-on: ubuntu-18.04
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          submodules: true
-      - name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      - name: Setup Kind Cluster
-        uses: helm/kind-action@v1.2.0
-        with:
-          node_image: ${{ env.KIND_IMAGE }}
-          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
-          config: ./test/kind-conf.yaml
-      - name: Build image
-        run: |
-          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
-          docker build --pull --no-cache . -t $IMAGE
-          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
-      - name: Install Kruise
-        run: |
-          set -ex
-          kubectl cluster-info
-          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} ./scripts/deploy_kind.sh
-          NODES=$(kubectl get node | wc -l)
-          for ((i=1;i<10;i++));
-          do
-            set +e
-            PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-            set -e
-            if [ "$PODS" -eq "$NODES" ]; then
-              break
-            fi
-            sleep 3
-          done
-          set +e
-          PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-          kubectl get node -o yaml
-          kubectl get all -n kruise-system -o yaml
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system --previous=true
-          set -e
-          if [ "$PODS" -eq "$NODES" ]; then
-            echo "Wait for kruise-manager and kruise-daemon ready successfully"
-          else
-            echo "Timeout to wait for kruise-manager and kruise-daemon ready"
-            exit 1
-          fi
-      - name: Run E2E Tests
-        run: |
-          export KUBECONFIG=/home/runner/.kube/config
-          make ginkgo
-          ./scripts/generate_bindata.sh
-          set +e
-          ./bin/ginkgo -timeout 60m -v --skip='\[apps\] (StatefulSet|PullImage|ContainerRecreateRequest|DaemonSet|SidecarSet)' test/e2e
-#          retVal=$?
-#          if [ $retVal -ne 0 ]; then
-#            kubectl get pod -n kruise-system -o wide
-#            kubectl get pod -n kruise-system --no-headers | grep manager | awk '{print $1}' | xargs kubectl logs -n kruise-system
-#            kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system
-#          fi
-#          exit $retVal

.github/workflows/e2e-1.22.yaml

@@ -1,310 +0,0 @@
-name: E2E-1.22
-
-on:
-  push:
-    branches:
-      - master
-      - release-*
-  pull_request: {}
-  workflow_dispatch: {}
-
-env:
-  # Common versions
-  GO_VERSION: '1.16'
-  KIND_IMAGE: 'kindest/node:v1.22.0'
-  KIND_CLUSTER_NAME: 'ci-testing'
-
-jobs:
-
-  astatefulset:
-    runs-on: ubuntu-18.04
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          submodules: true
-      - name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      - name: Setup Kind Cluster
-        uses: helm/kind-action@v1.2.0
-        with:
-          node_image: ${{ env.KIND_IMAGE }}
-          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
-          config: ./test/kind-conf.yaml
-      - name: Build image
-        run: |
-          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
-          docker build --pull --no-cache . -t $IMAGE
-          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
-      - name: Install Kruise
-        run: |
-          set -ex
-          kubectl cluster-info
-          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} ./scripts/deploy_kind.sh
-          NODES=$(kubectl get node | wc -l)
-          for ((i=1;i<10;i++));
-          do
-            set +e
-            PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-            set -e
-            if [ "$PODS" -eq "$NODES" ]; then
-              break
-            fi
-            sleep 3
-          done
-          set +e
-          PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-          kubectl get node -o yaml
-          kubectl get all -n kruise-system -o yaml
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system --previous=true
-          set -e
-          if [ "$PODS" -eq "$NODES" ]; then
-            echo "Wait for kruise-manager and kruise-daemon ready successfully"
-          else
-            echo "Timeout to wait for kruise-manager and kruise-daemon ready"
-            exit 1
-          fi
-      - name: Run E2E Tests
-        run: |
-          export KUBECONFIG=/home/runner/.kube/config
-          make ginkgo
-          ./scripts/generate_bindata.sh
-          ./bin/ginkgo -timeout 60m -v --focus='\[apps\] StatefulSet' test/e2e
-
-  pullimages-containerrecreate:
-    runs-on: ubuntu-18.04
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          submodules: true
-      - name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      - name: Setup Kind Cluster
-        uses: helm/kind-action@v1.2.0
-        with:
-          node_image: ${{ env.KIND_IMAGE }}
-          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
-          config: ./test/kind-conf.yaml
-      - name: Build image
-        run: |
-          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
-          docker build --pull --no-cache . -t $IMAGE
-          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
-      - name: Install Kruise
-        run: |
-          set -ex
-          kubectl cluster-info
-          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} ./scripts/deploy_kind.sh
-          NODES=$(kubectl get node | wc -l)
-          for ((i=1;i<10;i++));
-          do
-            set +e
-            PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-            set -e
-            if [ "$PODS" -eq "$NODES" ]; then
-              break
-            fi
-            sleep 3
-          done
-          set +e
-          PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-          kubectl get node -o yaml
-          kubectl get all -n kruise-system -o yaml
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system --previous=true
-          set -e
-          if [ "$PODS" -eq "$NODES" ]; then
-            echo "Wait for kruise-manager and kruise-daemon ready successfully"
-          else
-            echo "Timeout to wait for kruise-manager and kruise-daemon ready"
-            exit 1
-          fi
-      - name: Run E2E Tests
-        run: |
-          export KUBECONFIG=/home/runner/.kube/config
-          make ginkgo
-          ./scripts/generate_bindata.sh
-          ./bin/ginkgo -timeout 60m -v --focus='\[apps\] (PullImage|ContainerRecreateRequest)' test/e2e
-
-  advanced-daemonset:
-    runs-on: ubuntu-18.04
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          submodules: true
-      - name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      - name: Setup Kind Cluster
-        uses: helm/kind-action@v1.2.0
-        with:
-          node_image: ${{ env.KIND_IMAGE }}
-          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
-          config: ./test/kind-conf.yaml
-      - name: Build image
-        run: |
-          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
-          docker build --pull --no-cache . -t $IMAGE
-          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
-      - name: Install Kruise
-        run: |
-          set -ex
-          kubectl cluster-info
-          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} ./scripts/deploy_kind.sh
-          NODES=$(kubectl get node | wc -l)
-          for ((i=1;i<10;i++));
-          do
-            set +e
-            PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-            set -e
-            if [ "$PODS" -eq "$NODES" ]; then
-              break
-            fi
-            sleep 3
-          done
-          set +e
-          PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-          kubectl get node -o yaml
-          kubectl get all -n kruise-system -o yaml
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system --previous=true
-          set -e
-          if [ "$PODS" -eq "$NODES" ]; then
-            echo "Wait for kruise-manager and kruise-daemon ready successfully"
-          else
-            echo "Timeout to wait for kruise-manager and kruise-daemon ready"
-            exit 1
-          fi
-      - name: Run E2E Tests
-        run: |
-          export KUBECONFIG=/home/runner/.kube/config
-          make ginkgo
-          ./scripts/generate_bindata.sh
-          ./bin/ginkgo -timeout 60m -v --focus='\[apps\] DaemonSet' test/e2e
-
-  sidecarset:
-    runs-on: ubuntu-18.04
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          submodules: true
-      - name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      - name: Setup Kind Cluster
-        uses: helm/kind-action@v1.2.0
-        with:
-          node_image: ${{ env.KIND_IMAGE }}
-          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
-          config: ./test/kind-conf.yaml
-      - name: Build image
-        run: |
-          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
-          docker build --pull --no-cache . -t $IMAGE
-          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
-      - name: Install Kruise
-        run: |
-          set -ex
-          kubectl cluster-info
-          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} ./scripts/deploy_kind.sh
-          NODES=$(kubectl get node | wc -l)
-          for ((i=1;i<10;i++));
-          do
-            set +e
-            PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-            set -e
-            if [ "$PODS" -eq "$NODES" ]; then
-              break
-            fi
-            sleep 3
-          done
-          set +e
-          PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-          kubectl get node -o yaml
-          kubectl get all -n kruise-system -o yaml
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system --previous=true
-          set -e
-          if [ "$PODS" -eq "$NODES" ]; then
-            echo "Wait for kruise-manager and kruise-daemon ready successfully"
-          else
-            echo "Timeout to wait for kruise-manager and kruise-daemon ready"
-            exit 1
-          fi
-      - name: Run E2E Tests
-        run: |
-          export KUBECONFIG=/home/runner/.kube/config
-          make ginkgo
-          ./scripts/generate_bindata.sh
-          ./bin/ginkgo -timeout 60m -v --focus='\[apps\] SidecarSet' test/e2e
-
-  other:
-    runs-on: ubuntu-18.04
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          submodules: true
-      - name: Setup Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-      - name: Setup Kind Cluster
-        uses: helm/kind-action@v1.2.0
-        with:
-          node_image: ${{ env.KIND_IMAGE }}
-          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
-          config: ./test/kind-conf.yaml
-      - name: Build image
-        run: |
-          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
-          docker build --pull --no-cache . -t $IMAGE
-          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
-      - name: Install Kruise
-        run: |
-          set -ex
-          kubectl cluster-info
-          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} ./scripts/deploy_kind.sh
-          NODES=$(kubectl get node | wc -l)
-          for ((i=1;i<10;i++));
-          do
-            set +e
-            PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-            set -e
-            if [ "$PODS" -eq "$NODES" ]; then
-              break
-            fi
-            sleep 3
-          done
-          set +e
-          PODS=$(kubectl get pod -n kruise-system | grep '1/1' | wc -l)
-          kubectl get node -o yaml
-          kubectl get all -n kruise-system -o yaml
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system
-          kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system --previous=true
-          set -e
-          if [ "$PODS" -eq "$NODES" ]; then
-            echo "Wait for kruise-manager and kruise-daemon ready successfully"
-          else
-            echo "Timeout to wait for kruise-manager and kruise-daemon ready"
-            exit 1
-          fi
-      - name: Run E2E Tests
-        run: |
-          export KUBECONFIG=/home/runner/.kube/config
-          make ginkgo
-          ./scripts/generate_bindata.sh
-          set +e
-          ./bin/ginkgo -timeout 60m -v --skip='\[apps\] (StatefulSet|PullImage|ContainerRecreateRequest|DaemonSet|SidecarSet)' test/e2e
-#          retVal=$?
-#          if [ $retVal -ne 0 ]; then
-#            kubectl get pod -n kruise-system -o wide
-#            kubectl get pod -n kruise-system --no-headers | grep manager | awk '{print $1}' | xargs kubectl logs -n kruise-system
-#            kubectl get pod -n kruise-system --no-headers | grep daemon | awk '{print $1}' | xargs kubectl logs -n kruise-system
-#          fi
-#          exit $retVal

.github/workflows/e2e-1.24.yaml

@@ -0,0 +1,298 @@
+name: E2E-1.24
+
+on:
+  push:
+    branches:
+      - master
+      - release-*
+  pull_request: {}
+  workflow_dispatch: {}
+
+# Declare default permissions as read only.
+permissions: read-all
+
+env:
+  # Common versions
+  GO_VERSION: '1.23'
+  KIND_ACTION_VERSION: 'v1.3.0'
+  KIND_VERSION: 'v0.14.0'
+  KIND_IMAGE: 'kindest/node:v1.24.6'
+  KIND_CLUSTER_NAME: 'ci-testing'
+
+jobs:
+  astatefulset-storage:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Install-CSI
+        run: |
+          make install-csi
+
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'VolumeExpansion' --print-info
+  astatefulset:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'StatefulSet' --print-info
+
+  cloneset:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Install-CSI
+        run: |
+          make install-csi
+
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(CloneSet|ContainerMeta)' --print-info
+
+  operation:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(PullImage|ContainerRecreateRequest|PullImages|ResourceDistribution|PersistentPodState|PodProbeMarker)' --print-info
+
+  advanced-daemonset:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'DaemonSet' --print-info
+
+  sidecar:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'SidecarSet|SidecarTerminator|ContainerPriority' --print-info
+
+  job-workload:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(EphemeralJob|BroadcastJob)' --print-info
+
+
+  policy:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(PodUnavailableBudget|DeletionProtection)' --print-info
+  multidomain:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          ENABLE_E2E_CONFIG=true IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(UnitedDeployment|WorkloadSpread)' --print-info

.github/workflows/e2e-1.26.yaml

@@ -0,0 +1,295 @@
+name: E2E-1.26
+
+on:
+  push:
+    branches:
+      - master
+      - release-*
+  pull_request: {}
+  workflow_dispatch: {}
+
+# Declare default permissions as read only.
+permissions: read-all
+
+env:
+  # Common versions
+  GO_VERSION: '1.23'
+  KIND_VERSION: 'v0.18.0'
+  KIND_IMAGE: 'kindest/node:v1.26.3'
+  KIND_CLUSTER_NAME: 'ci-testing'
+
+jobs:
+  astatefulset-storage:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Install-CSI
+        run: |
+         make install-csi
+
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'VolumeExpansion' --print-info
+  astatefulset:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'StatefulSet' --print-info
+  cloneset:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Install-CSI
+        run: |
+          make install-csi
+
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(CloneSet|ContainerMeta)' --print-info
+
+  operation:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(PullImage|ContainerRecreateRequest|PullImages|ResourceDistribution|PersistentPodState|PodProbeMarker)' --print-info
+
+  advanced-daemonset:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'DaemonSet' --print-info
+
+  sidecar:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'SidecarSet|SidecarTerminator|ContainerPriority' --print-info
+
+  job-workload:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(EphemeralJob|BroadcastJob)' --print-info
+
+  policy:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(PodUnavailableBudget|DeletionProtection)' --print-info
+  multidomain:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          ENABLE_E2E_CONFIG=true IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(UnitedDeployment|WorkloadSpread)' --print-info

.github/workflows/e2e-1.28.yaml

@@ -0,0 +1,298 @@
+name: E2E-1.28
+
+on:
+  push:
+    branches:
+      - master
+      - release-*
+  pull_request: {}
+  workflow_dispatch: {}
+
+# Declare default permissions as read only.
+permissions: read-all
+
+env:
+  # Common versions
+  GO_VERSION: '1.23'
+  KIND_VERSION: 'v0.22.0'
+  KIND_IMAGE: 'kindest/node:v1.28.7'
+  KIND_CLUSTER_NAME: 'ci-testing'
+
+jobs:
+  astatefulset-storage:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Install-CSI
+        run: |
+          make install-csi
+
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'VolumeExpansion' --print-info
+
+  astatefulset:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'StatefulSet' --print-info
+
+  operation:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(PullImage|ContainerRecreateRequest|PullImages|ResourceDistribution|PersistentPodState|PodProbeMarker)' --print-info
+
+  advanced-daemonset:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'DaemonSet' --print-info
+
+  sidecar:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+         IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'SidecarSet|SidecarTerminator|ContainerPriority' --print-info
+
+  job-workload:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(EphemeralJob|BroadcastJob)' --print-info
+
+  policy:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(PodUnavailableBudget|DeletionProtection)' --print-info
+
+  cloneset:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Install-CSI
+        run: |
+          make install-csi
+
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          ENABLE_E2E_CONFIG=true IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(CloneSet|ContainerMeta|InplaceVPA)' --print-info
+
+  multidomain:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          ENABLE_E2E_CONFIG=true IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(UnitedDeployment|WorkloadSpread)' --print-info

.github/workflows/e2e-1.30.yaml

@@ -0,0 +1,298 @@
+name: E2E-1.30
+
+on:
+  push:
+    branches:
+      - master
+      - release-*
+  pull_request: {}
+  workflow_dispatch: {}
+
+# Declare default permissions as read only.
+permissions: read-all
+
+env:
+  # Common versions
+  GO_VERSION: '1.23'
+  KIND_VERSION: 'v0.22.0'
+  KIND_IMAGE: 'kindest/node:v1.30.8'
+  KIND_CLUSTER_NAME: 'ci-testing'
+
+jobs:
+  astatefulset-storage:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Install-CSI
+        run: |
+          make install-csi
+
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'VolumeExpansion' --print-info
+
+  astatefulset:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'StatefulSet' --print-info
+
+  operation:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(PullImage|ContainerRecreateRequest|PullImages|ResourceDistribution|PersistentPodState|PodProbeMarker)' --print-info
+
+  advanced-daemonset:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'DaemonSet' --print-info
+
+  sidecar:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'SidecarSet|SidecarTerminator|ContainerPriority' --print-info
+
+  job-workload:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(EphemeralJob|BroadcastJob)' --print-info
+
+  policy:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(PodUnavailableBudget|DeletionProtection)' --print-info
+
+  cloneset:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Install-CSI
+        run: |
+          make install-csi
+
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(CloneSet|ContainerMeta|InplaceVPA)' --print-info
+
+  multidomain:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          ENABLE_E2E_CONFIG=true IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(UnitedDeployment|WorkloadSpread)' --print-info

.github/workflows/e2e-1.32.yaml

@@ -0,0 +1,298 @@
+name: E2E-1.32
+
+on:
+  push:
+    branches:
+      - master
+      - release-*
+  pull_request: {}
+  workflow_dispatch: {}
+
+# Declare default permissions as read only.
+permissions: read-all
+
+env:
+  # Common versions
+  GO_VERSION: '1.23'
+  KIND_VERSION: 'v0.22.0'
+  KIND_IMAGE: 'kindest/node:v1.32.0'
+  KIND_CLUSTER_NAME: 'ci-testing'
+
+jobs:
+  astatefulset-storage:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Install-CSI
+        run: |
+          make install-csi
+
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'VolumeExpansion' --print-info
+
+  astatefulset:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'StatefulSet' --print-info
+
+  operation:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(PullImage|ContainerRecreateRequest|PullImages|ResourceDistribution|PersistentPodState|PodProbeMarker)' --print-info
+
+  advanced-daemonset:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'DaemonSet' --print-info
+
+  sidecar:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus 'SidecarSet|SidecarTerminator|ContainerPriority' --print-info
+
+  job-workload:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(EphemeralJob|BroadcastJob)' --print-info
+
+  policy:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(PodUnavailableBudget|DeletionProtection)' --print-info
+
+  cloneset:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Install-CSI
+        run: |
+          make install-csi
+
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(CloneSet|ContainerMeta|InplaceVPA)' --print-info
+
+  multidomain:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: true
+      - name: Setup Go
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+      - name: Setup Kind Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
+        with:
+          node_image: ${{ env.KIND_IMAGE }}
+          cluster_name: ${{ env.KIND_CLUSTER_NAME }}
+          config: ./test/kind-conf-with-vpa.yaml
+          version: ${{ env.KIND_VERSION }}
+      - name: Build image
+        run: |
+          export IMAGE="openkruise/kruise-manager:e2e-${GITHUB_RUN_ID}"
+          docker build --pull --no-cache . -t $IMAGE
+          kind load docker-image --name=${KIND_CLUSTER_NAME} $IMAGE || { echo >&2 "kind not installed or error loading image: $IMAGE"; exit 1; }
+      - name: Install Kruise
+        run: |
+          ENABLE_E2E_CONFIG=true IMG=openkruise/kruise-manager:e2e-${GITHUB_RUN_ID} make install-kruise
+      - name: Run E2E Tests
+        run: |
+          export KUBECONFIG=/home/runner/.kube/config
+          tools/hack/run-kruise-e2e-test.sh --focus '(UnitedDeployment|WorkloadSpread)' --print-info

.github/workflows/license.yml

@@ -10,14 +10,17 @@ on:
       - master
       - release-*
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   license_check:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     name: Check for unapproved licenses
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@efbf473cab83af4468e8606cc33eca9281bb213f # v1.256.0
         with:
           ruby-version: 2.6
       - name: Install dependencies

.github/workflows/scorecard.yml

@@ -0,0 +1,72 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '30 14 * * *'
+  push:
+    branches: [ "master" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      # Uncomment the permissions below if installing in a private repository.
+      # contents: read
+      # actions: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecard on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v2.25.0
+        with:
+          sarif_file: results.sarif

.gitignore

@@ -28,3 +28,5 @@ test/e2e/generated/bindata.go
 .vscode
 
 .DS_Store
+
+vendor/

.golangci.yml

@@ -1,86 +1,73 @@
-# options for analysis running
+version: "2"
 run:
-  # default concurrency is a available CPU number
   concurrency: 4
-
-  # timeout for analysis, e.g. 30s, 5m, default is 1m
-  deadline: 5m
-
-  # exit code when at least one issue was found, default is 1
   issues-exit-code: 1
-
-  # include test files or not, default is true
   tests: true
 
-  # list of build tags, all linters use it. Default is empty list.
-  #build-tags:
-  #  - mytag
-
-  # which dirs to skip: they won't be analyzed;
-  # can use regexp here: generated.*, regexp is applied on full path;
-  # default value is empty list, but next dirs are always skipped independently
-  # from this option's value:
-  # third_party$, testdata$, examples$, Godeps$, builtin$
-  skip-dirs:
-    - apis
-    - pkg/client
-    - vendor
-    - test
-
-  # which files to skip: they will be analyzed, but issues from them
-  # won't be reported. Default value is empty list, but there is
-  # no need to include all autogenerated files, we confidently recognize
-  # autogenerated files. If it's not please let us know.
-  skip-files:
-  #  - ".*\\.my\\.go$"
-  #  - lib/bad.go
 
 # output configuration options
 output:
-  # colored-line-number|line-number|json|tab|checkstyle, default is "colored-line-number"
-  format: colored-line-number
-
-  # print lines of code with issue, default is true
-  print-issued-lines: true
-
-  # print linter name in the end of issue text, default is true
-  print-linter-name: true
-
-
-# all available settings of specific linters
-linters-settings:
-  golint:
-    # minimal confidence for issues, default is 0.8
-    min-confidence: 0.8
-  gofmt:
-    # simplify code: gofmt with `-s` option, true by default
-    simplify: true
-  goimports:
-    # put imports beginning with prefix after 3rd-party packages;
-    # it's a comma-separated list of prefixes
-    #local-prefixes: github.com/openkruise/kruise
-  misspell:
-    # Correct spellings using locale preferences for US or UK.
-    # Default is to use a neutral variety of English.
-    # Setting locale to US will correct the British spelling of 'colour' to 'color'.
-    locale: default
-    #ignore-words:
-    #  - someword
-
+  formats:
+    text:
+      path: stdout
+      colors: true
 linters:
-  fast: false
-  disable-all: true
+  default: none
   enable:
-    # TODO Enforce the below linters later
-    - deadcode
-    - gofmt
+    - depguard
     - govet
-    - goimports
     - ineffassign
     - misspell
-    - vet
     - unconvert
-issues:
-  exclude:
-    # staticcheck
-    - 'SA1019: package github.com/golang/protobuf/proto is deprecated: Use the "google.golang.org/protobuf/proto" package instead'
+    - unused
+  settings:
+    misspell:
+      # Correct spellings using locale preferences for US or UK.
+      # Default is to use a neutral variety of English.
+      # Setting locale to US will correct the British spelling of 'colour' to 'color'.
+      locale: US
+    depguard:
+      rules:
+        forbid-pkg-errors:
+          deny:
+          - pkg: "github.com/pkg/errors"
+            desc: Should be replaced with standard lib errors or fmt.Errorf
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    rules:
+      - path: (.+)\.go$
+        text: 'SA1019: package github.com/golang/protobuf/proto is deprecated: Use the "google.golang.org/protobuf/proto" package instead'
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+      - apis
+      - pkg/client
+      - vendor
+      - test
+formatters:
+  enable:
+  - gofmt
+  - goimports
+  settings:
+    gofmt:
+      simplify: true
+    goimports:
+      # put imports beginning with prefix after 3rd-party packages;
+      local-prefixes: 
+      - github.com/openkruise/kruise
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+      - apis
+      - pkg/client
+      - vendor
+      - test

CHANGELOG.md

@@ -1,5 +1,788 @@
 # Change Log
 
+## v1.8.2
+> Change log since v1.8.1
+
+### Bug fixes
+- Fix kruise-daemon panic exception due to PodProbeMarker when container is nil. ([#1974](https://github.com/openkruise/kruise/pull/1974), [@zmberg](https://github.com/zmberg))
+
+## v1.8.1
+> Change log since v1.8.0
+
+### Bug fixes
+- JobSidecarTerminator support ignore exit code capability via env. ([#1949](https://github.com/openkruise/kruise/pull/1949), [@zmberg](https://github.com/zmberg))
+
+### Performance Improvements
+- Performance optimized PodProbeMarker to reduce many invalid patch operations ([#2007](https://github.com/openkruise/kruise/pull/2007), [@zmberg](https://github.com/zmberg))
+
+## v1.7.4
+> Change log since v1.7.3
+
+### Bug fixes
+- JobSidecarTerminator support ignore exit code capability via env. ([#1949](https://github.com/openkruise/kruise/pull/1949), [@zmberg](https://github.com/zmberg))
+
+## v1.8.0
+
+> Change log since v1.7.3
+### Upgrade Notice
+> No, really, you must read this before you upgrade
+- **Disable** the following feature gates by default: ResourcesDeletionProtection ([#1919](https://github.com/openkruise/kruise/pull/1919), [@ABNER-1](https://github.com/ABNER-1))
+- Promote these feature gates to beta:  
+  `ResourcesDeletionProtection`, `WorkloadSpread`, `PodUnavailableBudgetDeleteGate`, `InPlaceUpdateEnvFromMetadata`,
+  `StatefulSetAutoDeletePVC`,
+  `PodProbeMarkerGate` ([#1919](https://github.com/openkruise/kruise/pull/1919), [@ABNER-1](https://github.com/ABNER-1))
+- Update Kubernetes dependency to v1.30.10 and Golang to v1.22 ([#1896](https://github.com/openkruise/kruise/pull/1896), [@ABNER-1](https://github.com/ABNER-1), [#1924](https://github.com/openkruise/kruise/pull/1924), [@furykerry](https://github.com/furykerry)))
+- Prior to Kruise 1.7.3, `helm uninstall` is a **high-risk** operation that deletes Kruise, its CRDs, and associated CRs. Starting from Kruise 1.7.3, it uses a pre-delete hook to check for existing Kruise CRs before uninstallation and blocks the process to prevent accidental deletion.
+
+### Key Features
+- Support in-place expansion of StatefulSet volumes ([#1674](https://github.com/openkruise/kruise/pull/1674), [#1714](https://github.com/openkruise/kruise/pull/1714), [@ABNER-1](https://github.com/ABNER-1))
+- Enable in-place resource resizing for CloneSet, Advanced StatefulSet, and Advanced DaemonSet ([#1353](https://github.com/openkruise/kruise/pull/1353), [#1866](https://github.com/openkruise/kruise/pull/1866), [@LavenderQAQ](https://github.com/LavenderQAQ), [@ABNER-1](https://github.com/ABNER-1))
+- Support adaptive scheduling strategy for UnitedDeployment ([#1720](https://github.com/openkruise/kruise/pull/1720),  [@AiRanthem](https://github.com/AiRanthem))
+- Add WorkloadSpread support for AI workload like TFJob in KubeFlow ([#1838](https://github.com/openkruise/kruise/pull/1838), [@AiRanthem](https://github.com/AiRanthem))
+
+### Performance Improvements
+- Optimize CA bundle updates to reduce unnecessary changes ([#1717](https://github.com/openkruise/kruise/pull/1717), [@zmberg](https://github.com/zmberg))
+- Add disableDeepCopy for BroadcastJob ([#1696](https://github.com/openkruise/kruise/pull/1696), [@Prepmachine4](https://github.com/Prepmachine4))
+
+### Resilience Enhancement
+- Add Helm pre-delete hook to preserve Kruise CRs during uninstallation ([#1843](https://github.com/openkruise/kruise/pull/1843), [@AiRanthem](https://github.com/AiRanthem))
+
+### Other Notable Changes
+#### Advanced Workload
+- Add lifecycle hooks and tests for Advanced StatefulSet ([#1858](https://github.com/openkruise/kruise/pull/1858), [@mingzhou.swx](https://github.com/mingzhou.swx), [@ABNER-1](https://github.com/ABNER-1))
+- Add range-based reserveOrdinals support for Advanced StatefulSet ([#1873](https://github.com/openkruise/kruise/pull/1873), [@AiRanthem](https://github.com/AiRanthem))
+- Redefined partition semantics to represent non-updated pod count ([#1819](https://github.com/openkruise/kruise/pull/1819), [@ABNER-1](https://github.com/ABNER-1); [#1751](https://github.com/openkruise/kruise/pull/1751), [@zybtakeit](https://github.com/zybtakeit), [@ABNER-1](https://github.com/ABNER-1))
+
+#### Sidecar Management
+- Support inject both stable and updated version sidecar according to updateStrategy ([#1689](https://github.com/openkruise/kruise/pull/1689), [#1856](https://github.com/openkruise/kruise/pull/1856), [@AiRanthem](https://github.com/AiRanthem)) 
+- Refine SidecarSet initContainer handling ([#1719](https://github.com/openkruise/kruise/pull/1719), [@zmberg](https://github.com/zmberg))
+
+#### Multi-domain management
+- Introduce `pub.kruise.io/disable-fetch-replicas-from-workload=true` annotation for CRD compatibility ([#1758](https://github.com/openkruise/kruise/pull/1758), [@zmberg](https://github.com/zmberg))
+- Extend PodProbeMarker to serverless pods ([#1875](https://github.com/openkruise/kruise/pull/1875), [@zmberg](https://github.com/zmberg))
+- Enable priorityClassName patching in WorkloadSpread ([#1877](https://github.com/openkruise/kruise/pull/1877), [@AiRanthem](https://github.com/AiRanthem))
+- Sync all fields in UnitedDeployment spec to subset workload spec ([#1798](https://github.com/openkruise/kruise/pull/1798), [@AiRanthem](https://github.com/AiRanthem))
+
+### Bug Fixes
+- Resolve token permission and dependency pinning issues ([#1707](https://github.com/openkruise/kruise/pull/1707),  [@harshitasao](https://github.com/harshitasao))
+- Fix PyTorchJob pod creation failures ([#1864](https://github.com/openkruise/kruise/pull/1864), [@zmberg](https://github.com/zmberg))
+- Correct ImagePullJob timeout handling (>1800s) ([#1874](https://github.com/openkruise/kruise/pull/1874), [@zmberg](https://github.com/zmberg))
+- Resolve cri-dockerd runtime detection issues ([#1899](https://github.com/openkruise/kruise/pull/1899), [@FlikweertvisionVadym](https://github.com/FlikweertvisionVadym))
+- Remove pod ownerRef requirement in pub webhook ([#1869](https://github.com/openkruise/kruise/pull/1869), [@zmberg](https://github.com/zmberg))
+- Address maxUnavailable blocking in SidecarSet updates ([#1834](https://github.com/openkruise/kruise/pull/1834), [@zmberg](https://github.com/zmberg))
+- Fix CloneSet controller block from scale expectation leaks ([#1829](https://github.com/openkruise/kruise/pull/1829), [@zmberg](https://github.com/zmberg))
+- Enforce imagePullPolicy=Always for ImagePullJob ([#1830](https://github.com/openkruise/kruise/pull/1830), [@zmberg](https://github.com/zmberg))
+- Fix WorkloadSpread webhook panics ([#1807](https://github.com/openkruise/kruise/pull/1807), [@AiRanthem](https://github.com/AiRanthem))
+
+### Misc (Chores and tests)
+- Standardize on CRI for image pulls ([#1867](https://github.com/openkruise/kruise/pull/1867), [@furykerry](https://github.com/furykerry))
+- Introduce JSON log formatting ([#1703](https://github.com/openkruise/kruise/pull/1703), [@zmberg](https://github.com/zmberg))
+- Remove Docker runtime dependency ([#1870](https://github.com/openkruise/kruise/pull/1870),[@furykerry](https://github.com/furykerry))
+- Improve test parallelism and reliability ([#1743](https://github.com/openkruise/kruise/pull/1743), [@MichaelRren](https://github.com/MichaelRren))
+- Enhance WorkloadSpread validation logic ([#1740](https://github.com/openkruise/kruise/pull/1740), [@AiRanthem](https://github.com/AiRanthem))
+- Launche Kruise Guru on Gurubase.io ([#1800](https://github.com/openkruise/kruise/pull/1800), [@kursataktas](https://github.com/kursataktas))
+- Improve documentation accuracy ([#1824](https://github.com/openkruise/kruise/pull/1824), [@furykerry](https://github.com/furykerry))
+- Fix KIND installation issues ([#1688](https://github.com/openkruise/kruise/pull/1688),[@ABNER-1](https://github.com/ABNER-1))
+- Avoid overriding namespace config after deploying ([#1772](https://github.com/openkruise/kruise/pull/1772),[@hantmac](https://github.com/hantmac))
+- Fix WorkloadSpread test flakiness by removing dependencies ([#1895](https://github.com/openkruise/kruise/pull/1895), [@AiRanthem](https://github.com/AiRanthem))
+- Address SidecarSet e2e test failures ([#1724](https://github.com/openkruise/kruise/pull/1724), [@zmberg](https://github.com/zmberg))
+- Enhance unit test stability ([#1784](https://github.com/openkruise/kruise/pull/1784), [@AiRanthem](https://github.com/AiRanthem))
+
+## v1.7.3
+> Change log since v1.7.2
+
+### Bug fixes
+- Fix kubeflow PyTorchJob create pod failure due to pod webhook. ([#1734](https://github.com/openkruise/kruise/pull/1864), [@zmberg](https://github.com/zmberg))
+
+## v1.7.2
+> Change log since v1.7.1
+
+### Advanced Workload
+- Support specified-delete in AdvancedStatefulSet and handle specified deleted pod under maxUnavailable constrain. ([#1734](https://github.com/openkruise/kruise/pull/1734), [@ABNER-1](https://github.com/ABNER-1))
+
+## v1.6.4
+> Change log since v1.6.3
+
+### Advanced Workload
+- Support specified-delete in AdvancedStatefulSet and handle specified deleted pod under maxUnavailable constrain. ([#1734](https://github.com/openkruise/kruise/pull/1734), [@ABNER-1](https://github.com/ABNER-1))
+
+## v1.5.5
+> Chang log since v1.5.4
+
+### Advanced Workload
+- Support specified-delete in AdvancedStatefulSet and handle specified deleted pod under maxUnavailable constrain. ([#1734](https://github.com/openkruise/kruise/pull/1734), [@ABNER-1](https://github.com/ABNER-1))
+- Advanced StatefulSet maxUnavailable now counts unavailable pods with smaller ordinal in the update order during rolling upgrade. ([#1480](https://github.com/openkruise/kruise/pull/1480), [@Yesphet](https://github.com/Yesphet))
+
+## v1.7.1
+> Change log since v1.7.0
+
+### Bug fixes
+- When update crd webhook caBundle, if caBundle does not change, do not update crd again. ([#1717](https://github.com/openkruise/kruise/pull/1717), [@zmberg](https://github.com/zmberg))
+- Remove normal init container in pod's sidecarSet in-place update annotation. ([#1719](https://github.com/openkruise/kruise/pull/1719), [@zmberg](https://github.com/zmberg))
+
+## v1.7.0
+> Change log since v1.6.3
+
+### Key Features
+- When CloneSet volumeClaimTemplates changed, always recreate pods and related volumes. ([#1561](https://github.com/openkruise/kruise/pull/1561), [@ABNER-1](https://github.com/ABNER-1))
+- Bump K8s dependency to 1.28, and OpenKruise still works with Kubernetes Version >= 1.18. ([#1598](https://github.com/openkruise/kruise/pull/1598), [@ABNER-1](https://github.com/ABNER-1))
+- SidecarSet support k8s 1.28 Sidecar Containers(initContainers[x].restartPolicy=Always), and significantly improves the lifecycle management of Sidecar containers,
+  refer to the [community documentation](https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/) for details. ([#1613](https://github.com/openkruise/kruise/pull/1613), [@zmberg](https://github.com/zmberg))
+- ImagePullJob support for credential provider plugin, e.g. aws. ([#1383](https://github.com/openkruise/kruise/pull/1383), [@Kuromesi](https://github.com/Kuromesi))
+- Advanced StatefulSet support [start ordinal](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#start-ordinal). ([#1643](https://github.com/openkruise/kruise/pull/1643), [@ABNER-1](https://github.com/ABNER-1))
+- Support webhook CA injection using external certification management tool, e.g. [cert-manager](https://cert-manager.io/). ([#1665](https://github.com/openkruise/kruise/pull/1665), [@Kuromesi](https://github.com/Kuromesi))
+- Kruise-daemon support cri-docker.sock for kubernetes clusters that use docker runtime. ([#1631](https://github.com/openkruise/kruise/pull/1631), [@BraceCY](https://github.com/BraceCY))
+- Advanced StatefulSet add pod index label `statefulset.kubernetes.io/pod-index`. ([#1667](https://github.com/openkruise/kruise/pull/1667), [@cr7258](https://github.com/cr7258))
+- Add Structured logging support. ([#1565](https://github.com/openkruise/kruise/pull/1565), [@MajLuu](https://github.com/MajLuu)); ([#1629](https://github.com/openkruise/kruise/pull/1629), [@jairuigou](https://github.com/jairuigou)); ([#1669](https://github.com/openkruise/kruise/pull/1669), [@AiRanthem](https://github.com/AiRanthem))
+
+### Performance Enhancement
+- Optimizing Pod SidecarSet webhook and controller performance when lots of namespace scoped sidecarSet exists ([#1547](https://github.com/openkruise/kruise/pull/1547), [@ls-2018](https://github.com/ls-2018))
+- Pod readiness controller use Patch instead of Update, thus reducing updating conflict when creating a large number of Pods. ([#1560](https://github.com/openkruise/kruise/pull/1560), [@BruceAko](https://github.com/BruceAko))
+
+### Bug fixes
+- Multi-domain Management
+  - Fixes workloadSpread validation message when using adaptive strategy type. ([#1553](https://github.com/openkruise/kruise/pull/1553), [@voron](https://github.com/voron))
+  - When feature-gate WorkloadSpread=false, the WorkloadSpread Controller is no longer started and the creation of workloadSpread CR is not allowed. ([#1566](https://github.com/openkruise/kruise/pull/1566), [@ls-2018](https://github.com/ls-2018))
+- Application Protection
+  - In some extreme scenarios, fix PodUnavailableBudget blocking KCM recycling Pods. ([#1567](https://github.com/openkruise/kruise/pull/1567), [@Spground](https://github.com/Spground))
+- Sidecar Container
+  - Fix SidecarSet invalid update status. ([#1641](https://github.com/openkruise/kruise/pull/1641), [@Spground](https://github.com/Spground))
+- Advanced Workload
+  - Fix potential nil panic in CloneSet validating webhook when Pod's controller owner ref is nil. ([#1678](https://github.com/openkruise/kruise/pull/1678), [@Spground](https://github.com/Spground))
+
+### Misc (cleanup and Flake)
+- Optimized Advanced StatefulSet code structure based on upstream community code(k8s 1.28). ([#1648](https://github.com/openkruise/kruise/pull/1648), [@ABNER-1](https://github.com/ABNER-1))
+- Reduce github workflow action permission. ([#1523](https://github.com/openkruise/kruise/pull/1523), [@furykerry](https://github.com/furykerry))
+- Bug fix for Makefile envtest failed. ([#1548](https://github.com/openkruise/kruise/pull/1548), [@BH4AWS](https://github.com/BH4AWS))
+- Fix UT TestRevisionManage. ([#1555](https://github.com/openkruise/kruise/pull/1555), [@furykerry](https://github.com/furykerry))
+- Upgrade opencontainers/runc (1.1.12) and controller-gen (0.14.0). ([#1562](https://github.com/openkruise/kruise/pull/1562), [@ppbits](https://github.com/ppbits))
+- Remove vendor directory. ([#1554](https://github.com/openkruise/kruise/pull/1554), [@liangyuanpeng](https://github.com/liangyuanpeng))
+- Add dependabot config for auto-update github-actions. ([#1570](https://github.com/openkruise/kruise/pull/1570), [@liangyuanpeng](https://github.com/liangyuanpeng))
+- Add permission of security-events write for ghaction golangci-lint. ([#1582](https://github.com/openkruise/kruise/pull/1582), [@liangyuanpeng](https://github.com/liangyuanpeng))
+- Fix vendor error while running command make docker-multiarch. ([#1601](https://github.com/openkruise/kruise/pull/1601), [@MichaelRren](https://github.com/MichaelRren))
+- Change e2e centos image from 6.7 to 7, then e2e can work on arm node. ([#1623](https://github.com/openkruise/kruise/pull/1623), [@Colvin-Y](https://github.com/Colvin-Y))
+- Fix slice declarations that are not initialized with zero length. ([#1628](https://github.com/openkruise/kruise/pull/1628), [@alingse](https://github.com/alingse))
+- Fix UT TestMatchRegistryAuths failed. ([#1583](https://github.com/openkruise/kruise/pull/1583), [@ABNER-1](https://github.com/ABNER-1))
+- Changes the scorecard badge link from old format to the Standard human-readable OpenSSF Scorecard Report. ([#1657](https://github.com/openkruise/kruise/pull/1657), [@harshitasao](https://github.com/harshitasao))
+
+## v1.6.3
+> Change log since v1.6.2
+
+### CVE FIX
+- fix potential security issues of dependent packages ([#1586](https://github.com/openkruise/kruise/pull/1586), [ABNER-1](https://github.com/ABNER-1)) ([#1591](https://github.com/openkruise/kruise/pull/1591), [ABNER-1](https://github.com/ABNER-1))
+
+## v1.6.2
+> Change log since v1.6.1
+
+### CloneSet
+- Fix new version of Pods released by cloneSet that doesn't match spec.updateStrategy.partition. ([#1549](https://github.com/openkruise/kruise/pull/1549), [@qswksp](https://github.com/qswksp))
+
+## v1.5.4
+> Chang log since v1.5.3
+
+### CloneSet
+- Fix new version of Pods released by cloneSet that doesn't match spec.updateStrategy.partition. ([#1549](https://github.com/openkruise/kruise/pull/1549), [@qswksp](https://github.com/qswksp))
+
+## v1.4.2
+> Change log since v1.4.1
+
+### CloneSet
+- Fix new version of Pods released by cloneSet that doesn't match spec.updateStrategy.partition. ([#1549](https://github.com/openkruise/kruise/pull/1549), [@qswksp](https://github.com/qswksp))
+
+## v1.6.1
+> Change log since v1.6.0
+
+### Upgrade Notice
+- FeatureGate PodWebhook=false will not disable ResourcesDeletionProtection. ([#1526](https://github.com/openkruise/kruise/pull/1526), [@zmberg](https://github.com/zmberg))
+- Update go.mod require k8s version from 1.29 to 1.26, and remove go mod replace. ([#1527](https://github.com/openkruise/kruise/pull/1527), [KaiShi](https://github.com/BH4AWS))
+
+### Advanced Workload
+- Fix when StatefulSet reserveOrdinals exist and whenScaled=Delete, scale down pvc failed. ([#1531](https://github.com/openkruise/kruise/pull/1531), [@zmberg](https://github.com/zmberg))
+
+## v1.5.3
+> Chang log since v1.5.2
+
+### Advanced Workload
+- Fix when StatefulSet reserveOrdinals exist and whenScaled=Delete, scale down pvc failed. ([#1531](https://github.com/openkruise/kruise/pull/1531), [@zmberg](https://github.com/zmberg))
+
+## v1.6.0
+> Change log since v1.5.2
+
+### Upgrade Notice
+
+> No, really, you must read this before you upgrade
+- OpenKruise no longer supports Kubernetes versions 1.16, 1.17.
+  However it's still possible to use OpenKruise with Kubernetes versions 1.16 and 1.17 as long as KruiseDaemon is not enabled(install/upgrade kruise charts with featureGates="KruiseDaemon=false")
+- Kruise-Daemon will no longer support v1alpha2 CRI runtimes.
+  However it's still possible to use OpenKruise on Kubernetes with nodes that only support v1alpha2 CRI as long as KruiseDaemon is not enabled(install/upgrade kruise charts with featureGates="KruiseDaemon=false")
+- OpenKruise leader election default to use leases mode. ([#1407](https://github.com/openkruise/kruise/pull/1407), [dsxing](https://github.com/dsxing))
+  For users with OpenKruise version 1.3.0 or lower, please first upgrade your OpenKruise to version 1.4 or 1.5 before upgrading to 1.6.0, so as to avoid unexpected multiple leader problem during the installation.
+- Bump Kubernetes dependency to 1.26.10. ([#1511](https://github.com/openkruise/kruise/pull/1511), [KaiShi](https://github.com/BH4AWS))
+- To avoid potential circular dependency problem, features rely on webhook will no longer work for resources under kube-system,
+  e.g. SidecarSet, WorkloadSpread, PodUnavailableBudget, ContainerLaunchPriority and PersistentPodState. ([#92](https://github.com/openkruise/charts/pull/92), [@hantmac](https://github.com/hantmac))
+
+### Key Features
+- Fix WorkloadSpread incorrect subset allocation after workload rolling updating. ([#1197](https://github.com/openkruise/kruise/pull/1197), [veophi](https://github.com/veophi))
+- ImagePullJob support force image pulling for images with the name as previous one. ([#1384](https://github.com/openkruise/kruise/pull/1384), [ls-2018](https://github.com/ls-2018))
+- Job Sidecar Terminator reports correct pod phase for sidecar containers with non-zero exit code. ([#1303](https://github.com/openkruise/kruise/pull/1303), [@diannaowa](https://github.com/diannaowa))
+- Support the deletion protection of service and ingress resources. ([#1269](https://github.com/openkruise/kruise/pull/1269), [@kevin1689-cloud](https://github.com/kevin1689-cloud))
+
+### Performance Enhancement
+- Optimize PodProbeMarker performance. ([#1430](https://github.com/openkruise/kruise/pull/1430), [ls-2018](https://github.com/ls-2018))
+- Optimize container launch priority performance. ([#1490](https://github.com/openkruise/kruise/pull/1490), [FillZpp](https://github.com/FillZpp))
+
+### Other Changes
+
+- Enhanced Operation
+  - PodProbeMarker:  Container probe support Tcp probing. ([#1474](https://github.com/openkruise/kruise/pull/1474), [KaiShi](https://github.com/BH4AWS))
+  - PodProbeMarker:  Sync podCondition when probe message of probeStates changed. ([#1479](https://github.com/openkruise/kruise/pull/1479), [chrisliu1995](https://github.com/chrisliu1995))
+  - PersistentPodState: Fix the problem that PersistentPodState can't get spec.replicas from unstructured object. ([#1462](https://github.com/openkruise/kruise/pull/1462), [0xgj](https://github.com/0xgj))
+  - Fix PodProbeMarker feature gate dependency . ([#1429](https://github.com/openkruise/kruise/pull/1429), [ls-2018](https://github.com/ls-2018))
+
+- Advanced Workload
+  - Enforce Advanced DaemonSet spec.selector is immutable. ([#1505](https://github.com/openkruise/kruise/pull/1505), [@hantmac](https://github.com/hantmac))
+  - Advanced StatefulSet maxUnavailable now counts unavailable pods with smaller ordinal in the update order during rolling upgrade. ([#1480](https://github.com/openkruise/kruise/pull/1480), [@Yesphet](https://github.com/Yesphet))
+  - Fix EphemeralJob event handler for deleting object. ([#1401](https://github.com/openkruise/kruise/pull/1401), [FillZpp](https://github.com/FillZpp))
+
+- Sidecar Container
+  - Fix pod annotations injection abnormal for SidecarSet. ([#1453](https://github.com/openkruise/kruise/pull/1453), [@a932846905](https://github.com/a932846905))
+
+- Application Protection
+  - PodUnavailableBudget ignore deletion of not ready or inconsistent pods. ([#1512](https://github.com/openkruise/kruise/pull/1512), [Spground](https://github.com/Spground))
+
+- Others
+  - Replace 'github.com/pkg/errors' with the standard Go library 'errors'. ([#1518](https://github.com/openkruise/kruise/pull/1518), [dongjiang1989](https://github.com/dongjiang1989))
+  - Upgrade minimum docker api version from 1.23 to 1.24. ([#1510](https://github.com/openkruise/kruise/pull/1510), [hantmac](https://github.com/hantmac))
+  - Add UT in controller_revision_test file. ([#1457](https://github.com/openkruise/kruise/pull/1457), [xiangpingjiang](https://github.com/xiangpingjiang))
+  - BroadcastJob controller define some parameters as Constant. ([#1414](https://github.com/openkruise/kruise/pull/1414), [lilongfeng0902](https://github.com/lilongfeng0902))
+  - Kruise-daemon enable pprof. ([#1416](https://github.com/openkruise/kruise/pull/1416), [dsxing](https://github.com/dsxing))
+  - Remove deprecated 'io/ioutil' pkg. ([#1404](https://github.com/openkruise/kruise/pull/1404), [testwill](https://github.com/testwill))
+  - Fix unnecessary use of fmt.Sprintf. ([#1403](https://github.com/openkruise/kruise/pull/1403), [testwill](https://github.com/testwill))
+
+## v1.5.2
+> Chang log since v1.5.1
+
+### CVE FIX: Enhance kruise-daemon security ([#1482](https://github.com/openkruise/kruise/pull/1482), [veophi](https://github.com/veophi))
+
+### Start kruise-manager as a non-root user
+We start kruise-manger with a non-root user to further enhance the security of kruise-manager. ([#1491](https://github.com/openkruise/kruise/pull/1491), [@zmberg](https://github.com/zmberg))
+
+## v1.5.1
+> Chang log since v1.5.0
+
+In version 1.5.1, the focus was on enhancing UnitedDeployment and addressing various bug fixes:
+
+- Add the ability to plan the lower and upper bound of capacity to the subsets in UnitedDeployment ([#1428](https://github.com/openkruise/kruise/pull/1428), [@veophi](https://github.com/veophi))
+
+- Fix unexpected job recreation by adding controller-revision-hash label for ImageListPullJob. ([#1441](https://github.com/openkruise/kruise/pull/1428), [@veophi](https://github.com/veophi))
+
+- Add prometheus metrics for pub and deletion protection to enhance observability for pub & deletion protection ([#1398](https://github.com/openkruise/kruise/pull/1398), [@zmberg](https://github.com/zmberg))
+
+- Add enable pprof flag for kruise daemon, now you can disable the pprof of kruise daemon ([#1416](https://github.com/openkruise/kruise/pull/1416), [@chengjoey](https://github.com/chengjoey))
+
+- Fix SidecarSet upgrade exception for UpdateExpectations to solve the problem of updating the image of the sidecar container ([#1435](https://github.com/openkruise/kruise/pull/1435), [@zmberg](https://github.com/zmberg)])
+
+- add audit log for pub and deletion protection to enhance observability for pub & deletion protection  ([#1438](https://github.com/openkruise/kruise/pull/1438), [@zmberg](https://github.com/zmberg)])
+
+## v1.5.0
+> Change log since v1.4.0
+
+### Upgrade Notice
+
+> No, really, you must read this before you upgrade
+
+- **Disable** following feature-gates by default: PreDownloadImageForInPlaceUpdate([#1244](https://github.com/openkruise/kruise/pull/1224), [@zmberg](https://github.com/zmberg)), ImagePullJobGate([#1357](https://github.com/openkruise/kruise/pull/1357), [@zmberg](https://github.com/zmberg)), DeletionProtectionForCRDCascadingGate([#1365](https://github.com/openkruise/kruise/pull/1365), [@zmberg](https://github.com/zmberg)), and ResourceDistributionGate([#1360](https://github.com/openkruise/kruise/pull/1360/files), [@zmberg](https://github.com/zmberg))
+- Bump Kubernetes dependency to 1.24.16, Golang version to 1.19([#1354](https://github.com/openkruise/kruise/pull/1354), [Kuromesi](https://github.com/Kuromesi))
+
+### Key Features: Enhanced Multi-Domain Management
+- WorkloadSpread:
+  - Support any customized workloads that have `scale` sub-resource. ([#1286](https://github.com/openkruise/kruise/pull/1286), [veophi](https://github.com/veophi))
+  - Add validation for subset patch field. ([#1237](https://github.com/openkruise/kruise/pull/1237), [chengleqi](https://github.com/chengleqi))
+- UnitedDeployment:
+  - Support `scale` sub-resource. ([#1314](https://github.com/openkruise/kruise/pull/1314)), [diannaowa](https://github.com/diannaowa))
+  - Support `patch` field for each subset. ([#1266](https://github.com/openkruise/kruise/pull/1266), [chengleqi](https://github.com/chengleqi))
+  - Optimize UnitedDeployment replicas settings. ([#1247](https://github.com/openkruise/kruise/pull/1247), [y-ykcir](https://github.com/y-ykcir))
+
+### ImagePreDownload
+- ImageListPullJob:
+  - Many users have the need for batch pre-download images, and the current approach, i.e., ImagePullJob, has a relatively high threshold for use, We added a new CRD ImageListPullJob to batch pre-download images.
+    You just write a range of images in one ImageListPullJob CR, its controller will generate corresponding ImagePullJob CR for each image automatically. ([1222](https://github.com/openkruise/kruise/pull/1222), [@diannaowa](https://github.com/diannaowa))
+- ImagePullJob:
+  - Fix the matching logic for the imagePullSecret in ImagePullJob. ([#1241](https://github.com/openkruise/kruise/pull/1241), [#1357](https://github.com/openkruise/kruise/pull/1357))
+  - Advanced Workload pre-download image support attach metadata in ImagePullJob. ([#1246](https://github.com/openkruise/kruise/pull/1246), [YTGhost](https://github.com/YTGhost))
+
+### Advanced Workload
+- SidecarSet:
+  - Add condition and event for not upgradable pods when updating. ([#1309](https://github.com/openkruise/kruise/pull/1309), [MarkLux](https://github.com/MarkLux))
+  - Take effect of shareVolumePolicy on initContainers. ([#1229](https://github.com/openkruise/kruise/pull/1229), [y-ykcir](https://github.com/y-ykcir))
+  - Allow sidecar containers to mount serviceAccountToken type volume. ([#1238](https://github.com/openkruise/kruise/pull/1238), [y-ykcir](https://github.com/y-ykcir))
+  - SidecarSet updateStrategy support priorityStrategy. ([#1325](https://github.com/openkruise/kruise/pull/1325), [y-ykcir](https://github.com/y-ykcir))
+- BroadcastJob:
+  - Make OnFailure as default restartPolicy. ([#1149](https://github.com/openkruise/kruise/pull/1149), [Shubhamurkade](https://github.com/Shubhamurkade))
+  - Fix BroadcastJob doesn't make pod on node that has erased taint. ([#1204](https://github.com/openkruise/kruise/pull/1204), [weldonlwz](https://github.com/weldonlwz))
+- CloneSet & StatefulSet:
+  - Regard the pod at preparing update state as update revision when scaling. ([#1290](https://github.com/openkruise/kruise/pull/1290), [veophi](https://github.com/veophi))
+  - Add `updatedAvailableReplicas` field in status. ([#1317](https://github.com/openkruise/kruise/pull/1317), [nitishchauhan0022](https://github.com/nitishchauhan0022))
+
+### Kruise Daemon
+- Connecting to Pouch runtime via CRI interface. ([#1232](https://github.com/openkruise/kruise/pull/1232), [@zmberg](https://github.com/zmberg))
+- Compatible with v1 and v1alpha2 CRI API version. ([#1354](https://github.com/openkruise/kruise/pull/1354), [veophi](https://github.com/veophi))
+
+### ResourceProtection
+- Reject Namespace deletion when PVCs are included under NS. ([#1228](https://github.com/openkruise/kruise/pull/1228), [kevin1689-cloud](https://github.com/kevin1689-cloud))
+
+And some bugs were fixed by
+([#1238](https://github.com/openkruise/kruise/pull/1238), [y-ykcir](https://github.com/y-ykcir)),
+([#1335](https://github.com/openkruise/kruise/pull/1335), [ls-2018](https://github.com/ls-2018)),
+([#1301](https://github.com/openkruise/kruise/pull/1301), [wangwu50](https://github.com/wangwu50)),
+([#1395](https://github.com/openkruise/kruise/pull/1301), [ywdxz](https://github.com/ywdxz)),
+([#1304](https://github.com/openkruise/kruise/pull/1304), [kevin1689-cloud](https://github.com/kevin1689-cloud)),
+([#1348](https://github.com/openkruise/kruise/pull/1348), [#1343](https://github.com/openkruise/kruise/pull/1343), [Colvin-Y](https://github.com/Colvin-Y)),
+thanks!
+
+## v1.4.1
+> Change log since v1.4.0
+
+### CVE FIX: Enhance kruise-daemon security ([#1482](https://github.com/openkruise/kruise/pull/1482), [veophi](https://github.com/veophi))
+
+## v1.4.0
+
+> Change log since v1.3.0
+
+### Upgrade Notice
+
+> No, really, you must read this before you upgrade
+
+- Enable following feature-gates by default: ResourcesDeletionProtection, WorkloadSpread, PodUnavailableBudgetDeleteGate, InPlaceUpdateEnvFromMetadata,
+  StatefulSetAutoDeletePVC, PodProbeMarkerGate. ([#1214](https://github.com/openkruise/kruise/pull/1214), [@zmberg](https://github.com/zmberg))
+- Change Kruise leader election from configmap to configmapsleases, this is a smooth upgrade with no disruption to OpenKruise service.  ([#1184](https://github.com/openkruise/kruise/pull/1184), [@YTGhost](https://github.com/YTGhost))
+
+### New Feature: JobSidecarTerminator
+
+In the Kubernetes world, it is challenging to use long-running sidecar containers for short-term job because there is no straightforward way to
+terminate the sidecar containers when the main container exits. For instance, when the main container in a Pod finishes its task and exits, it is expected that accompanying sidecars,
+such as a log collection sidecar, will also exit actively, so the Job Controller can accurately determine the completion status of the Pod.
+However most sidecar containers lack the ability to discovery the exit of main container.
+
+For this scenario OpenKruise provides the JobSidecarTerminator capability, which can terminate sidecar containers once the main containers exit.
+
+For more detail, please refer to its [proposal](https://github.com/openkruise/kruise/blob/master/docs/proposals/20230130-job-sidecar-terminator.md).
+
+### Advanced Workloads
+- Optimized CloneSet Event handler to reduce unnecessary reconciliation. The feature is off by default and controlled by CloneSetEventHandlerOptimization feature-gate. ([#1219](https://github.com/openkruise/kruise/pull/1219), [@veophi](https://github.com/veophi))
+- Avoid pod hang in PreparingUpdate state when rollback before update hook. ([#1157](https://github.com/openkruise/kruise/pull/1157), [@shiyan2016](https://github.com/shiyan2016))
+- Fix cloneSet update blocking when spec.scaleStrategy.maxUnavailable is not empty. ([#1136](https://github.com/openkruise/kruise/pull/1136), [@ivanszl](https://github.com/ivanszl))
+- Add 'disablePVCReuse' field to enable recreation of PVCs when rebuilding pods, which can avoid Pod creation failure due to Node exceptions. ([#1113](https://github.com/openkruise/kruise/pull/1113), [@willise](https://github.com/willise))
+- CloneSet 'partition' field support float percent to improve precision. ([#1124](https://github.com/openkruise/kruise/pull/1124), [@shiyan2016](https://github.com/shiyan2016))
+- Add PreNormal Lifecycle Hook for CloneSet. ([#1071](https://github.com/openkruise/kruise/pull/1071), [@veophi](https://github.com/veophi))
+- Allow to mutate PVCTemplate of Advanced StatefulSet & CloneSet. Note, Only works for new Pods, not for existing Pods. ([#1118](https://github.com/openkruise/kruise/pull/1118), [@veophi](https://github.com/veophi))
+- Make ephemeralJob compatible with k8s version 1.20 & 1.21. ([#1127](https://github.com/openkruise/kruise/pull/1127), [@veophi](https://github.com/veophi))
+- UnitedDeployment support advanced StatefulSet 'persistentVolumeClaimRetentionPolicy' field. ([#1110](https://github.com/openkruise/kruise/pull/1110), [@yuexian1234](https://github.com/yuexian1234))
+
+### ContainerRecreateRequest
+- Add 'forceRecreate' field to ensure the immediate recreation of the container even if the container is starting at that point. ([#1182](https://github.com/openkruise/kruise/pull/1182), [@BH4AWS](https://github.com/BH4AWS))
+
+### ImagePullJob
+- Support attach metadata in PullImage CRI interface during ImagePullJob. ([#1190](https://github.com/openkruise/kruise/pull/1190), [@diannaowa](https://github.com/diannaowa))
+
+### SidecarSet
+- SidecarSet support namespace selector. ([#1178](https://github.com/openkruise/kruise/pull/1178), [@zmberg](https://github.com/zmberg))
+
+### Others
+- Simplify some code, mainly comparison and variable declaration. ([#1209](https://github.com/openkruise/kruise/pull/1209), [@hezhizhen](https://github.com/hezhizhen))
+- Update k8s registry references from k8s.gcr.io to registry.k8s.io. ([#1208](https://github.com/openkruise/kruise/pull/1208), [@asa3311](https://github.com/asa3311))
+- Fix config/samples/apps_v1alpha1_uniteddeployment.yaml invalid image. ([#1198](https://github.com/openkruise/kruise/pull/1198), [@chengleqi](https://github.com/chengleqi))
+- Change kruise base image to alpine. ([#1166](https://github.com/openkruise/kruise/pull/1166), [@fengshunli](https://github.com/fengshunli))
+- PersistentPodState support custom workload (like statefulSet). ([#1063](https://github.com/openkruise/kruise/pull/1063), [@baxiaoshi](https://github.com/baxiaoshi))
+
+## v1.3.1
+
+> Change log since v1.3.0
+
+### CVE FIX: Enhance kruise-daemon security ([#1482](https://github.com/openkruise/kruise/pull/1482), [veophi](https://github.com/veophi))
+
+## v1.3.0
+
+> Change log since v1.2.0
+
+### New CRD and Controller: PodProbeMarker
+
+Kubernetes provides three Pod lifecycle management:
+- **Readiness Probe** Used to determine whether the business container is ready to respond to user requests. If the probe fails, the Pod will be removed from Service Endpoints.
+- **Liveness Probe** Used to determine the health status of the container. If the probe fails, the kubelet will restart the container.
+- **Startup Probe** Used to know when a container application has started. If such a probe is configured, it disables liveness and readiness checks until it succeeds.
+
+So the Probe capabilities provided in Kubernetes have defined specific semantics and related behaviors.
+**In addition, there is actually a need to customize Probe semantics and related behaviors**, such as:
+- **GameServer defines Idle Probe to determine whether the Pod currently has a game match**, if not, from the perspective of cost optimization, the Pod can be scaled down.
+- **K8S Operator defines the main-secondary probe to determine the role of the current Pod (main or secondary)**. When upgrading, the secondary can be upgraded first,
+  so as to achieve the behavior of selecting the main only once during the upgrade process, reducing the service interruption time during the upgrade process.
+
+So we provides the ability to customize the Probe and return the result to the Pod yaml.
+
+For more detail, please refer to its [documentation](https://openkruise.io/docs/user-manuals/podprobemarker) and [proposal](https://github.com/openkruise/kruise/blob/master/docs/proposals/20220728-pod-probe-marker.md).
+
+### SidecarSet
+- SidecarSet support to inject pods under kube-system,kube-public namespace. ([#1084](https://github.com/openkruise/kruise/pull/1084), [@zmberg](https://github.com/zmberg))
+- SidecarSet support to inject specific history sidecar container to Pods. ([#1021](https://github.com/openkruise/kruise/pull/1021), [@veophi](https://github.com/veophi))
+- SidecarSet support to inject pod annotations.([#992](https://github.com/openkruise/kruise/pull/992), [@zmberg](https://github.com/zmberg))
+
+### AdvancedCronJob
+- TimeZone support for AdvancedCronJob from [upstream](https://github.com/kubernetes/kubernetes/pull/108032). ([#1070](https://github.com/openkruise/kruise/pull/1070), [@FillZpp](https://github.com/FillZpp))
+
+### WorkloadSpread
+- WorkloadSpread support Native StatefulSet and Kruise Advanced StatefulSet. ([#1056](https://github.com/openkruise/kruise/pull/1056), [@veophi](https://github.com/veophi))
+
+### CloneSet
+- CloneSet supports to calculate scale number excluding Pods in PreparingDelete. ([#1024](https://github.com/openkruise/kruise/pull/1024), [@FillZpp](https://github.com/FillZpp))
+- Optimize CloneSet queuing when cache has just synced. ([#1026](https://github.com/openkruise/kruise/pull/1026), [@FillZpp](https://github.com/FillZpp))
+
+### PodUnavailableBudget
+- Optimize event handler performance for PodUnavailableBudget. ([#1027](https://github.com/openkruise/kruise/pull/1027), [@FillZpp](https://github.com/FillZpp))
+
+### Advanced DaemonSet
+- Allow optional filed max unavilable in ads, and set default value 1. ([#1007](https://github.com/openkruise/kruise/pull/1007), [@ABNER-1](https://github.com/ABNER-1))
+- Fix DaemonSet surging with minReadySeconds. ([#1014](https://github.com/openkruise/kruise/pull/1014), [@FillZpp](https://github.com/FillZpp))
+- Optimize Advanced DaemonSet internal new pod for imitating scheduling. ([#1011](https://github.com/openkruise/kruise/pull/1011), [@FillZpp](https://github.com/FillZpp))
+- Advanced DaemonSet support pre-download image. ([#1057](https://github.com/openkruise/kruise/pull/1057), [@ABNER-1](https://github.com/ABNER-1))
+
+### Advanced StatefulSet
+- Fix panic cased by statefulset pvc auto deletion. ([#999](https://github.com/openkruise/kruise/pull/999), [@veophi](https://github.com/veophi))
+
+### Others
+- Optimize performance of LabelSelector conversion. ([#1068](https://github.com/openkruise/kruise/pull/1068), [@FillZpp](https://github.com/FillZpp))
+- Reduce kruise-manager memory allocation. ([#1015](https://github.com/openkruise/kruise/pull/1015), [@FillZpp](https://github.com/FillZpp))
+- Pod state from updating to Normal should all hooked. ([#1022](https://github.com/openkruise/kruise/pull/1022), [@shiyan2016](https://github.com/shiyan2016))
+- Fix go get in Makefile with go 1.18. ([#1036](https://github.com/openkruise/kruise/pull/1036), [@astraw99](https://github.com/astraw99))
+- Fix EphemeralJob spec.replicas nil panic bug. ([#1016](https://github.com/openkruise/kruise/pull/1016), [@hellolijj](https://github.com/openkruise/kruise/pull/1016))
+- Fix UnitedDeployment reconcile don't return err bug. ([#991](https://github.com/openkruise/kruise/pull/991), [@huiwq1990](https://github.com/huiwq1990))
+
+## v1.2.0
+
+> Change log since v1.1.0
+
+### New CRD and Controller: PersistentPodState
+
+With the development of cloud native, more and more companies start to deploy stateful services (e.g., Etcd, MQ) using Kubernetes.
+K8S StatefulSet is a workload for managing stateful services, and it considers the deployment characteristics of stateful services in many aspects.
+However, StatefulSet persistent only limited pod state, such as Pod Name is ordered and unchanging, PVC persistence,
+and can not cover other states, e.g. Pod IP retention, priority scheduling to previously deployed Nodes.
+
+So we provide `PersistentPodState` CRD to persistent other states of the Pod, such as "IP Retention".
+
+For more detail, please refer to its [documentation](https://openkruise.io/docs/user-manuals/persistentpodstate) and [proposal](https://github.com/openkruise/kruise/blob/master/docs/proposals/20220421-persistent-pod-state.md).
+
+### CloneSet
+
+- Ensure at least one pod is upgraded if CloneSet has `partition < 100%` **(Behavior Change)**. ([#954](https://github.com/openkruise/kruise/pull/954), [@veophi](https://github.com/veophi))
+- Add `expectedUpdatedReplicas` field into CloneSet status. ([#954](https://github.com/openkruise/kruise/pull/954) & [#963](https://github.com/openkruise/kruise/pull/963), [@veophi](https://github.com/veophi))
+- Add `markPodNotReady` field into lifecycle hook to support marking Pod as NotReady during preparingDelete or preparingUpdate. ([#979](https://github.com/openkruise/kruise/pull/979), [@veophi](https://github.com/veophi))
+
+### StatefulSet
+
+- Add `markPodNotReady` field into lifecycle hook to support marking Pod as NotReady during preparingDelete or preparingUpdate. ([#979](https://github.com/openkruise/kruise/pull/979), [@veophi](https://github.com/veophi))
+
+### PodUnavailableBudget
+
+- Support to protect any custom workloads with scale subresource. ([#982](https://github.com/openkruise/kruise/pull/982), [@zmberg](https://github.com/zmberg))
+- Optimize performance in large-scale clusters by avoiding DeepCopy list. ([#955](https://github.com/openkruise/kruise/pull/955), [@zmberg](https://github.com/zmberg))
+
+### Others
+
+- Remove some commented code and simplify some. ([#983](https://github.com/openkruise/kruise/pull/983), [@hezhizhen](https://github.com/hezhizhen))
+- Sidecarset forbid updating of sidecar container name. ([#937](https://github.com/openkruise/kruise/pull/937), [@adairxie](https://github.com/adairxie))
+- Optimize the logic of listNamespacesForDistributor func. ([#952](https://github.com/openkruise/kruise/pull/952), [@hantmac](https://github.com/hantmac))
+
+## v1.1.0
+
+> Change log since v1.0.1
+
+### Project
+
+- Bump Kubernetes dependencies to 1.22 and controller-runtime to v0.10.2. ([#915](https://github.com/openkruise/kruise/pull/915), [@FillZpp](https://github.com/FillZpp))
+- Disable DeepCopy for some specific cache list. ([#916](https://github.com/openkruise/kruise/pull/916), [@FillZpp](https://github.com/FillZpp))
+
+### InPlace Update
+
+- Support in-place update containers with launch priority, for workloads that supported in-place update, e.g., CloneSet, Advanced StatefulSet. ([#909](https://github.com/openkruise/kruise/pull/909), [@FillZpp](https://github.com/FillZpp))
+
+### CloneSet
+
+- Add `pod-template-hash` label into Pods, which will always be the short hash. ([#931](https://github.com/openkruise/kruise/pull/931), [@FillZpp](https://github.com/FillZpp))
+- Support pre-download image after a number of updated pods has been ready. ([#904](https://github.com/openkruise/kruise/pull/904), [@shiyan2016](https://github.com/shiyan2016))
+- Make maxUnavailable also limited to pods in new revision. ([#899](https://github.com/openkruise/kruise/pull/899), [@FillZpp](https://github.com/FillZpp))
+
+### Advanced DaemonSet
+
+- Refactor daemonset controller and fetch upstream codebase. ([#883](https://github.com/openkruise/kruise/pull/883), [@FillZpp](https://github.com/FillZpp))
+- Support preDelete lifecycle for both scale down and recreate update. ([#923](https://github.com/openkruise/kruise/pull/923), [@FillZpp](https://github.com/FillZpp))
+- Fix node event handler that should compare update selector matching changed. ([#920](https://github.com/openkruise/kruise/pull/920), [@LastNight1997](https://github.com/LastNight1997))
+- Optimize `dedupCurHistories` func in ReconcileDaemonSet. ([#912](https://github.com/openkruise/kruise/pull/912), [@LastNight1997](https://github.com/LastNight1997))
+
+### Advanced StatefulSet
+
+- Support StatefulSetAutoDeletePVC feature. ([#882](https://github.com/openkruise/kruise/pull/882), [@veophi](https://github.com/veophi))
+
+### SidecarSet
+
+- Support shared volumes in init containers. ([#929](https://github.com/openkruise/kruise/pull/929), [@outgnaY](https://github.com/outgnaY))
+- Support transferEnv in init containers. ([#897](https://github.com/openkruise/kruise/pull/897), [@pigletfly](https://github.com/pigletfly))
+- Optimize the injection for pod webhook that checks container exists. ([#927](https://github.com/openkruise/kruise/pull/927), [@zmberg](https://github.com/zmberg))
+- Fix validateSidecarConflict to avoid a same sidecar container exists in multiple sidecarsets. ([#884](https://github.com/openkruise/kruise/pull/884), [@pigletfly](https://github.com/pigletfly))
+
+### Kruise-daemon
+
+- Support CRI-O and any other common CRI types. ([#930](https://github.com/openkruise/kruise/pull/930), [@diannaowa](https://github.com/diannaowa)) & ([#936](https://github.com/openkruise/kruise/pull/936), [@FillZpp](https://github.com/FillZpp))
+
+### Other
+
+- Add `kruise_manager_is_leader` metric. ([#917](https://github.com/openkruise/kruise/pull/917), [@hatowang](https://github.com/hatowang))
+
+## v1.0.1
+
+> Change log since v1.0.0
+
+### SidecarSet
+
+- Fix panic when SidecarSet manages Pods with sidecar containers that have different update type. ([#850](https://github.com/openkruise/kruise/pull/850), [@veophi](https://github.com/veophi))
+- Fix log error when extract container from fieldpath failed. ([#860](https://github.com/openkruise/kruise/pull/860), [@pigletfly](https://github.com/pigletfly))
+- Optimization logic of determining whether the pod state is consistent logic. ([#854](https://github.com/openkruise/kruise/pull/854), [@dafu-wu](https://github.com/dafu-wu))
+- Replace reflect with generation in event handler. ([#885](https://github.com/openkruise/kruise/pull/885), [@zouyee](https://github.com/zouyee))
+- Store history revisions for sidecarset. ([#715](https://github.com/openkruise/kruise/pull/715), [@veophi](https://github.com/veophi))
+
+### Advanced StatefulSet
+
+- Allow updating asts RevisionHistoryLimit. ([#864](https://github.com/openkruise/kruise/pull/864), [@shiyan2016](https://github.com/shiyan2016))
+- StatefulSet considers non-available pods when deleting pods. ([#880](https://github.com/openkruise/kruise/pull/880), [@hzyfox](https://github.com/hzyfox))
+
+### ResourceDistribution
+
+- Improve controller updating and watching logic. ([#861](https://github.com/openkruise/kruise/pull/861), [@veophi](https://github.com/veophi))
+
+### CloneSet
+
+- Break the loop when it finds the current revision. ([#887](https://github.com/openkruise/kruise/pull/887), [@shiyan2016](https://github.com/shiyan2016))
+- Remove duplicate register fieldindexes in cloneset controller. ([#888](https://github.com/openkruise/kruise/pull/888) & [#889](https://github.com/openkruise/kruise/pull/889), [@shiyan2016](https://github.com/shiyan2016))
+- CloneSet refresh pod states before skipping update when paused **(Behavior Change)**. ([#893](https://github.com/openkruise/kruise/pull/893), [@FillZpp](https://github.com/FillZpp))
+
+### PullImageJob
+
+- Update containerd client usage and event handler for controller. ([#894](https://github.com/openkruise/kruise/pull/894), [@FillZpp](https://github.com/FillZpp))
+
+## v0.10.2
+
+> Change log since v0.10.1
+
+### SidecarSet
+
+- Add SourceContainerNameFrom and EnvNames in sidecarset transferenv.
+
+### Advanced StatefulSet
+
+- Fix update expectation to be increased when a pod updated.
+
+### WorkloadSpread
+
+- Fix bug: read conditions from nil old subset status.
+
+### Other
+
+- Do not set timeout for webhook ready.
+
+## v1.0.0
+
+> Change log since v0.10.1
+
+### Project
+
+- Bump CustomResourceDefinition(CRD) from v1beta1 to v1
+- Bump ValidatingWebhookConfiguration/MutatingWebhookConfiguration from v1beta1 to v1
+- Bump dependencies: k8s v1.18 -> v1.20, controller-runtime v0.6.5 -> v0.8.3
+- Generate CRDs with original controller-tools and markers
+
+**So that Kruise can install into Kubernetes 1.22 and no longer support Kubernetes < 1.16.**
+
+### New feature: in-place update with env from metadata
+
+When update `spec.template.metadata.labels/annotations` in CloneSet or Advanced StatefulSet and there exists container env from the changed labels/annotations,
+Kruise will in-place update them to renew the env value in containers.
+
+[doc](https://openkruise.io/docs/core-concepts/inplace-update#understand-inplaceifpossible)
+
+### New feature: ContainerLaunchPriority
+
+Container Launch Priority provides a way to help users control the sequence of containers start in a Pod.
+
+It works for Pod, no matter what kind of owner it belongs to, which means Deployment, CloneSet or any other Workloads are all supported.
+
+[doc](https://openkruise.io/docs/user-manuals/containerlaunchpriority)
+
+### New feature: ResourceDistribution
+
+For the scenario, where the namespace-scoped resources such as Secret and ConfigMap need to be distributed or synchronized to different namespaces,
+the native k8s currently only supports manual distribution and synchronization by users one-by-one, which is very inconvenient.
+
+Therefore, in the face of these scenarios that require the resource distribution and **continuously synchronization across namespaces**, we provide a tool, namely **ResourceDistribution**, to do this automatically.
+
+Currently, ResourceDistribution supports the two kind resources --- **Secret & ConfigMap**.
+
+[doc](https://openkruise.io/docs/user-manuals/resourcedistribution)
+
+### CloneSet
+
+- Add `maxUnavailable` field in `scaleStrategy` to support rate limiting of scaling up.
+- Mark revision stable as `currentRevision` when all pods updated to it, won't wait all pods to be ready **(Behavior Change)**.
+
+### WorkloadSpread
+
+- Manage the pods that were created before WorkloadSpread.
+- Optimize webhook update and retry during injection.
+
+### PodUnavailableBudget
+
+- Add pod no pub-protection annotation.
+- PUB controller watch workload replicas changed.
+
+### Advanced DaemonSet
+
+- Support in-place update daemon pod.
+- Support progressive annotation to control if pods creation should be limited by partition.
+
+### SidecarSet
+
+- Fix SidecarSet filter active pods.
+
+### UnitedDeployment
+
+- Fix pod NodeSelectorTerms length 0 when UnitedDeployment NodeSelectorTerms is nil.
+
+### NodeImage
+
+- Add `--nodeimage-creation-delay` flag to delay NodeImage creation after Node ready.
+
+### Other
+
+- Kruise-daemon watch pods using protobuf.
+- Export resync seconds args.
+- Fix http checker reload ca.cert.
+- Fix E2E for WorkloadSpread, ImagePulling, ContainerLaunchPriority.
+
+## v1.0.0-beta.0
+
+> Change log since v1.0.0-alpha.2
+
+### New feature: ResourceDistribution
+
+For the scenario, where the namespace-scoped resources such as Secret and ConfigMap need to be distributed or synchronized to different namespaces,
+the native k8s currently only supports manual distribution and synchronization by users one-by-one, which is very inconvenient.
+
+Therefore, in the face of these scenarios that require the resource distribution and **continuously synchronization across namespaces**, we provide a tool, namely **ResourceDistribution**, to do this automatically.
+
+Currently, ResourceDistribution supports the two kind resources --- **Secret & ConfigMap**.
+
+[doc](https://openkruise.io/docs/next/user-manuals/resourcedistribution)
+
+### CloneSet
+
+- Add `maxUnavailable` field in `scaleStrategy` to support rate limiting of scaling up.
+- Mark revision stable when all pods updated to it, won't wait all pods to be ready.
+
+### Advanced DaemonSet
+
+- Support progressive annotation to control if pods creation should be limited by partition.
+
+### UnitedDeployment
+
+- Fix pod NodeSelectorTerms length 0 when UnitedDeployment NodeSelectorTerms is nil.
+
+## v1.0.0-alpha.2
+
+> Change log since v1.0.0-alpha.1
+
+### Project
+
+- Generate CRDs with original controller-tools and markers
+
+### WorkloadSpread
+
+- Add discoveryGVK for WorkloadSpread
+
+### NodeImage
+
+- Add `--nodeimage-creation-delay` flag to delay NodeImage creation after Node ready
+
+### Other
+
+- Fix E2E for WorkloadSpread, ImagePulling, ContainerLaunchPriority
+
+## v0.10.1
+
+> Change log since v0.10.0
+
+### WorkloadSpread
+
+- Add discoveryGVK for WorkloadSpread
+- Optimize webhook injection
+
+### Kruise-daemon
+
+- Setup generic kubeClient with Protobuf
+
+### Other
+
+- Fix E2E for WorkloadSpread, ImagePulling
+
+## v1.0.0-alpha.1
+
+> Change log since v0.10.0
+
+### Project
+
+- Bump CustomResourceDefinition(CRD) from v1beta1 to v1
+- Bump ValidatingWebhookConfiguration/MutatingWebhookConfiguration from v1beta1 to v1
+- Bump dependencies: k8s v1.18 -> v1.20, controller-runtime v0.6.5 -> v0.8.3
+
+**So that Kruise can install into Kubernetes 1.22 and no longer support Kubernetes < 1.16.**
+
+### New feature: in-place update with env from metadata
+
+When update `spec.template.metadata.labels/annotations` in CloneSet or Advanced StatefulSet and there exists container env from the changed labels/annotations,
+Kruise will in-place update them to renew the env value in containers.
+
+[doc](https://openkruise.io/docs/next/core-concepts/inplace-update#understand-inplaceifpossible)
+
+### New feature: ContainerLaunchPriority
+
+Container Launch Priority provides a way to help users control the sequence of containers start in a Pod.
+
+It works for Pod, no matter what kind of owner it belongs to, which means Deployment, CloneSet or any other Workloads are all supported.
+
+[doc](https://openkruise.io/docs/next/user-manuals/containerlaunchpriority)
+
+### WorkloadSpread
+
+- Manage the pods that were created before WorkloadSpread.
+- Optimize webhook update and retry during injection.
+
+### PodUnavailableBudget
+
+- Add pod no pub-protection annotation.
+- PUB controller watch workload replicas changed.
+
+### Advanced DaemonSet
+
+- Support in-place update daemon pod.
+
+### SidecarSet
+
+- Fix SidecarSet filter active pods.
+
+### Other
+
+- Kruise-daemon watch pods using protobuf.
+- Export resync seconds args.
+- Fix http checker reload ca.cert.
+
 ## v0.10.0
 
 ### New feature: PodUnavailableBudget
@@ -180,7 +963,7 @@ spec:
 Since v0.7.0:
 
 1. OpenKruise requires Kubernetes 1.13+ because of CRD conversion.
-  Note that for Kubernetes 1.13 and 1.14, users must enable `CustomResourceWebhookConversion` feature-gate in kube-apiserver before install or upgrade Kruise.
+   Note that for Kubernetes 1.13 and 1.14, users must enable `CustomResourceWebhookConversion` feature-gate in kube-apiserver before install or upgrade Kruise.
 2. OpenKruise official image supports multi-arch, by default including linux/amd64, linux/arm64, and linux/arm platforms.
 
 ### A NEW workload controller - AdvancedCronJob
@@ -528,4 +1311,4 @@ It provides full features for more efficient, deterministic and controlled deplo
 #### Features
 
 - Add SidecarSet that automatically injects sidecar container into selected pods
-- Support sidecar update functionality for SidecarSet
+- Support sidecar update functionality for SidecarSet

CONTRIBUTING.md

@@ -1,6 +1,6 @@
 # Contributing to Openkruise
 
-Welcome to Openkruise! Openkruise consists several repositories under the organization.
+Welcome to Openkruise! Openkruise consists of several repositories under the organization.
 We encourage you to help out by reporting issues, improving documentation, fixing bugs, or adding new features.
 Please also take a look at our code of conduct, which details how contributors are expected to conduct themselves as part of the Openkruise community.
 
@@ -10,7 +10,7 @@ To be honest, we regard every user of Openkruise as a very kind contributor.
 After experiencing Openkruise, you may have some feedback for the project.
 Then feel free to open an issue.
 
-There are lot of cases when you could open an issue:
+There are a lot of cases when you could open an issue:
 
 - bug report
 - feature request
@@ -20,11 +20,11 @@ There are lot of cases when you could open an issue:
 - help wanted
 - doc incomplete
 - test improvement
-- any questions on project
+- any questions on the project
 - and so on
 
-Also we must remind that when filing a new issue, please remember to remove the sensitive data from your post.
-Sensitive data could be password, secret key, network locations, private business data and so on.
+Also, we must remind you that when filing a new issue, please remember to remove the sensitive data from your post.
+Sensitive data could be passwords, secret keys, network locations, private business data, and so on.
 
 ## Code and doc contribution
 
@@ -45,13 +45,14 @@ On GitHub, every improvement for Openkruise could be via a PR (short for pull re
 ### Workspace Preparation
 
 To put forward a PR, we assume you have registered a GitHub ID.
-Then you could finish the preparation in the following steps:
+Then you can finish the preparation in the following steps:
 
-1. **Fork** Fork the repository you wish to work on. You just need to click the button Fork in right-left of project repository main page. Then you will end up with your repository in your GitHub username.
-2. **Clone** your own repository to develop locally. Use `git clone https://github.com/<your-username>/<project>.git` to clone repository to your local machine. Then you can create new branches to finish the change you wish to make.
+1. **Fork** Fork the repository you wish to work on. You just need to click the button Fork in the right-left of the project repository main page. Then you will end up with your repository in your GitHub username.
+2. **Clone** your own repository to develop locally. Use `git clone https://github.com/<your-username>/<project>.git` to clone the repository to your local machine. Then you can create new branches to finish the change you wish to make.
 3. **Set remote** upstream to be `https://github.com/openkruise/<project>.git` using the following two commands:
 
 ```bash
+cd <project>
 git remote add upstream https://github.com/openkruise/<project>.git
 git remote set-url --push upstream no-pushing
 ```
@@ -60,7 +61,7 @@ Adding this, we can easily synchronize local branches with upstream branches.
 
 4. **Create a branch** to add a new feature or fix issues
 
-Update local working directory:
+Update the local working directory:
 
 ```bash
 cd <project>
@@ -79,16 +80,16 @@ Make any change on the new-branch then build and test your codes.
 
 ### PR Description
 
-PR is the only way to make change to Kruise project files.
-To help reviewers better get your purpose, PR description could not be too detailed.
+PR is the only way to make changes to Kruise project files.
+To help reviewers better understand your purpose, PR description could not be too detailed.
 We encourage contributors to follow the [PR template](./.github/PULL_REQUEST_TEMPLATE.md) to finish the pull request.
 
 ### Developing Environment
 
-As a contributor, if you want to make any contribution to Kruise project, we should reach an agreement on the version of tools used in the development environment.
-Here are some dependents with specific version:
+As a contributor, if you want to make any contribution to the Kruise project, we should reach an agreement on the version of tools used in the development environment.
+Here are some dependencies with specific versions:
 
-- Golang : v1.13+ (1.15 is best)
+- Golang : v1.22+
 - Kubernetes: v1.16+
 
 ### Developing guide
@@ -96,29 +97,50 @@ Here are some dependents with specific version:
 There's a `Makefile` in the root folder which describes the options to build and install. Here are some common ones:
 
 ```bash
+# Generate code and manifests e.g. CRD, RBAC YAML files etc
+make manifests
+
 # Build the controller manager binary
 make build
 
 # Run the unit tests
 make test
-
-# Generate manifests e.g. CRD, RBAC YAML files etc
-make manifests
 ```
 
-**If you want to start kruise-controller-manager locally to work with a Kubernetes cluster, you should follow the [debug guide](./docs/debug/README.md).**
+**There are some guide documents for contributors in [./docs/contributing/](./docs/contributing), such as a debug guide to help you test your own branch in a Kubernetes cluster.**
+
+### Proposals
+
+If you are going to contribute a feature with a new API or need significant effort, please submit a proposal in [./docs/proposals/](./docs/proposals) first.
+
+### Kruise Helm Charts
+[kruise charts](https://github.com/openkruise/charts) is the openKruise charts repo, including kruise, kruise rollout, and kruise game.
+You can add the corresponding charts package in the versions directory as follows:
+```
+ versions
+ - kruise-game
+ - kruise-rollout
+ - kruise-state-metrics
+ - kruise
+   - 1.5.0
+   - 1.5.1
+   - 1.6.0
+   - 1.6.1
+```
+
+**make generate_helm_crds** automatically generates crds files under the bin/ directory, which in turn simplifies the generation of helm charts.
 
 ## Engage to help anything
 
 We choose GitHub as the primary place for Openkruise to collaborate.
 So the latest updates of Openkruise are always here.
-Although contributions via PR is an explicit way to help, we still call for any other ways.
+Although contributions via PR are an explicit way to help, we still call for any other ways.
 
 - reply to other's issues if you could;
 - help solve other user's problems;
 - help review other's PR design;
 - help review other's codes in PR;
-- discuss about Openkruise to make things clearer;
+- discuss Openkruise to make things clearer;
 - advocate Openkruise technology beyond GitHub;
 - write blogs on Openkruise and so on.
 
@@ -126,21 +148,5 @@ In a word, **ANY HELP IS CONTRIBUTION**.
 
 ## Join Openkruise as a member
 
-It is also welcomed to join Openkruise team if you are willing to participate in Openkruise community continuously and keep active.
-
-### Requirements
-
-- Have read the [Contributing to Openkruise](./CONTRIBUTING.md) carefully
-- Have read the [Contributor Covenant Code of Conduct](./CODE_OF_CONDUCT.md)
-- Have submitted multi PRs to the community
-- Be active in the community, may including but not limited
-  - Submitting or commenting on issues
-  - Contributing PRs to the community
-  - Reviewing PRs in the community
-
-### How to do it
-
-You can do it in either of two ways:
-
-- Submit a PR in the project repo
-- Contact via the [community](./README.md#community) channels offline
+It is also welcomed to join the Openkruise team if you are willing to participate in the Openkruise community continuously and keep active.
+Please read and follow the [Community Membership](https://github.com/openkruise/community/blob/master/community-membership.md).

Dockerfile

@@ -1,32 +1,48 @@
-# Build the manager binary
-FROM golang:1.16 as builder
-
+# Build the manager and daemon binaries
+ARG BASE_IMAGE=alpine
+ARG BASE_IMAGE_VERSION=3.21@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
+FROM golang:1.23.9-alpine3.21@sha256:fb7ea5cd19bc4eea3eb0d1972919ec0f6229b138985ce4b35ce5846c6bc02973 AS builder
 WORKDIR /workspace
 # Copy the Go Modules manifests
 COPY go.mod go.mod
 COPY go.sum go.sum
-# cache deps before building and copying source so that we don't need to re-download as much
-# and so that source changes don't invalidate our downloaded layer
-#RUN go mod download
 
 # Copy the go source
 COPY main.go main.go
 COPY apis/ apis/
 COPY cmd/ cmd/
 COPY pkg/ pkg/
-COPY vendor/ vendor/
 
 # Build
-RUN CGO_ENABLED=0 GO111MODULE=on go build -mod=vendor -a -o manager main.go \
-  && CGO_ENABLED=0 GO111MODULE=on go build -mod=vendor -a -o daemon ./cmd/daemon/main.go
+RUN CGO_ENABLED=0 GO111MODULE=on go build -a -o manager main.go \
+  && CGO_ENABLED=0 GO111MODULE=on go build -a -o daemon ./cmd/daemon/main.go
+
+ARG BASE_IMAGE
+ARG BASE_IMAGE_VERSION
+FROM ${BASE_IMAGE}:${BASE_IMAGE_VERSION}
 
-# Use Ubuntu 20.04 LTS as base image to package the manager binary
-FROM ubuntu:focal
-# This is required by daemon connnecting with cri
-RUN ln -s /usr/bin/* /usr/sbin/ && apt-get update -y \
-  && apt-get install --no-install-recommends -y ca-certificates \
-  && apt-get clean && rm -rf /var/log/*log /var/lib/apt/lists/* /var/log/apt/* /var/lib/dpkg/*-old /var/cache/debconf/*-old
 WORKDIR /
 COPY --from=builder /workspace/manager .
 COPY --from=builder /workspace/daemon ./kruise-daemon
+
+RUN set -eux; \
+    mkdir -p /log /tmp && \
+    chown -R nobody:nobody /log && \
+    chown -R nobody:nobody /tmp && \
+    chown -R nobody:nobody /manager && \
+    apk --no-cache --update upgrade && \
+    apk --no-cache add ca-certificates && \
+    apk --no-cache add tzdata && \
+    rm -rf /var/cache/apk/* && \
+    update-ca-certificates && \
+    echo "only include root and nobody user" && \
+    echo -e "root:x:0:0:root:/root:/bin/ash\nnobody:x:65534:65534:nobody:/:/sbin/nologin" | tee /etc/passwd && \
+    echo -e "root:x:0:root\nnobody:x:65534:" | tee /etc/group && \
+    rm -rf /usr/local/sbin/* && \
+    rm -rf /usr/local/bin/* && \
+    rm -rf /usr/sbin/* && \
+    rm -rf /usr/bin/* && \
+    rm -rf /sbin/* && \
+    rm -rf /bin/*
+
 ENTRYPOINT ["/manager"]

Dockerfile_helm_hook

@@ -0,0 +1,40 @@
+ARG BASE_IMAGE=alpine
+ARG BASE_IMAGE_VERSION=3.19
+FROM golang:1.20.14-alpine3.19 AS builder
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+# Copy the go source
+COPY apis/ apis/
+COPY cmd/ cmd/
+COPY pkg/ pkg/
+# Build
+RUN --mount=type=cache,target=/go CGO_ENABLED=0 GO111MODULE=on go build -a -o helm_hook ./cmd/helm_hook/main.go
+
+FROM ${BASE_IMAGE}:${BASE_IMAGE_VERSION}
+WORKDIR /
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
+RUN set -eux; \
+    mkdir -p /log /tmp && \
+    chown -R nobody:nobody /log && \
+    chown -R nobody:nobody /tmp && \
+    apk --no-cache --update upgrade && \
+    apk --no-cache add ca-certificates && \
+    apk --no-cache add tzdata && \
+    rm -rf /var/cache/apk/* && \
+    update-ca-certificates && \
+    echo "only include root and nobody user" && \
+    echo -e "root:x:0:0:root:/root:/bin/ash\nnobody:x:65534:65534:nobody:/:/sbin/nologin" | tee /etc/passwd && \
+    echo -e "root:x:0:root\nnobody:x:65534:" | tee /etc/group
+COPY --from=builder /workspace/helm_hook .
+RUN chown -R nobody:nobody /helm_hook && \
+    rm -rf /usr/local/sbin/* && \
+    rm -rf /usr/local/bin/* && \
+    rm -rf /usr/sbin/* && \
+    rm -rf /usr/bin/* && \
+    rm -rf /sbin/* && \
+    rm -rf /bin/*
+ENTRYPOINT ["/helm_hook"]

Dockerfile_multiarch

@@ -0,0 +1,56 @@
+# Build the manager and daemon binaries
+ARG BASE_IMAGE=alpine
+ARG BASE_IMAGE_VERSION=3.21@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
+ARG BUILD_BASE_IMAGE=golang:1.22.11-alpine3.21@sha256:161858498a61ce093c8e2bd704299bfb23e5bff79aef99b6c40bb9c6a43acf0f
+FROM --platform=$BUILDPLATFORM ${BUILD_BASE_IMAGE} AS builder
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+# Copy the go source
+COPY main.go main.go
+COPY apis/ apis/
+COPY cmd/ cmd/
+COPY pkg/ pkg/
+
+#ENV GOPROXY=https://goproxy.cn,direct
+RUN go mod tidy
+
+# Build
+ARG TARGETOS
+ARG TARGETARCH
+RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} CGO_ENABLED=0 GO111MODULE=on go build -a -o manager main.go \
+  && GOOS=${TARGETOS} GOARCH=${TARGETARCH} CGO_ENABLED=0 GO111MODULE=on go build -a -o daemon ./cmd/daemon/main.go
+
+
+ARG BASE_IMAGE
+ARG BASE_IMAGE_VERSION
+FROM ${BASE_IMAGE}:${BASE_IMAGE_VERSION}
+
+WORKDIR /
+COPY --from=builder /workspace/manager .
+COPY --from=builder /workspace/daemon ./kruise-daemon
+
+RUN set -eux; \
+    mkdir -p /log /tmp && \
+    chown -R nobody:nobody /log && \
+    chown -R nobody:nobody /tmp && \
+    chown -R nobody:nobody /manager && \
+    apk --no-cache --update upgrade && \
+    apk --no-cache add ca-certificates && \
+    apk --no-cache add tzdata && \
+    rm -rf /var/cache/apk/* && \
+    update-ca-certificates && \
+    echo "only include root and nobody user" && \
+    echo -e "root:x:0:0:root:/root:/bin/ash\nnobody:x:65534:65534:nobody:/:/sbin/nologin" | tee /etc/passwd && \
+    echo -e "root:x:0:root\nnobody:x:65534:" | tee /etc/group && \
+    rm -rf /usr/local/sbin/* && \
+    rm -rf /usr/local/bin/* && \
+    rm -rf /usr/sbin/* && \
+    rm -rf /usr/bin/* && \
+    rm -rf /sbin/* && \
+    rm -rf /bin/*
+
+ENTRYPOINT ["/manager"]

Dockerfile_windows

@@ -0,0 +1,11 @@
+# Build Windows image for kruise-daemon 
+
+# Using Windows HostProcess container base image: https://github.com/microsoft/windows-host-process-containers-base-image
+ARG BASE_IMAGE=mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image
+ARG BASE_IMAGE_VERSION=v1.0.0
+FROM ${BASE_IMAGE}:${BASE_IMAGE_VERSION}
+
+WORKDIR /
+COPY ./bin/kruise-daemon.exe .
+
+ENTRYPOINT ["kruise-daemon.exe"]

Makefile

@@ -1,9 +1,11 @@
 # Image URL to use all building/pushing image targets
 IMG ?= openkruise/kruise-manager:test
+HOOK_IMG ?= openkruise/kruise-helm-hook:test
+WIN_DAEMON_IMG ?= openkruise/kruise-daemon-win:test
 # Platforms to build the image for
-PLATFORMS ?= linux/amd64,linux/arm64,linux/arm
-# Produce CRDs that work for API servers that supports v1beta1 CRD and conversion, requires k8s 1.13 or later.
-CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false"
+PLATFORMS ?= linux/amd64,linux/arm64,linux/ppc64le
+WIN_PLATFORMS ?= windows/amd64
+CRD_OPTIONS ?= "crd:crdVersions=v1"
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -11,6 +13,11 @@ GOBIN=$(shell go env GOPATH)/bin
 else
 GOBIN=$(shell go env GOBIN)
 endif
+GOOS ?= $(shell go env GOOS)
+
+# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
+# Run `setup-envtest list` to list available versions.
+ENVTEST_K8S_VERSION ?= 1.32.0
 
 # Setting SHELL to bash allows bash commands to be executed by recipes.
 # This is a requirement for 'setup-envtest.sh' in the test target.
@@ -23,16 +30,15 @@ all: build
 ##@ Development
 
 go_check:
-	@scripts/check_go_version "1.15.0"
+	@scripts/check_go_version "1.23"
 
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
 	@scripts/generate_client.sh
 	@scripts/generate_openapi.sh
-	@scripts/generate_bindata.sh
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./apis/..."
 
 manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
-	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./apis/..." output:crd:artifacts:config=config/crd/bases
 
 fmt: go_check ## Run go fmt against code.
 	go fmt $(shell go list ./... | grep -v /vendor/)
@@ -43,28 +49,51 @@ vet: ## Run go vet against code.
 lint: golangci-lint ## Run golangci-lint against code.
 	$(GOLANGCI_LINT) run
 
-ENVTEST_ASSETS_DIR=$(shell pwd)/testbin
-test: generate fmt vet manifests ## Run tests
-	mkdir -p ${ENVTEST_ASSETS_DIR}
-	source ./scripts/setup-envtest.sh; fetch_envtest_tools $(ENVTEST_ASSETS_DIR); setup_envtest_env $(ENVTEST_ASSETS_DIR); go test ./pkg/... -coverprofile cover.out
+test: generate fmt vet manifests envtest ## Run tests
+	echo $(ENVTEST)
+	go build -o pkg/daemon/criruntime/imageruntime/fake_plugin/fake-credential-plugin pkg/daemon/criruntime/imageruntime/fake_plugin/main.go && chmod +x pkg/daemon/criruntime/imageruntime/fake_plugin/fake-credential-plugin
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test -race ./pkg/... -coverprofile raw-cover.out
+	rm pkg/daemon/criruntime/imageruntime/fake_plugin/fake-credential-plugin
+	grep -v "pkg/client" raw-cover.out > cover.out
+
+atest: 
+	echo $(ENVTEST)
+	go build -o pkg/daemon/criruntime/imageruntime/fake_plugin/fake-credential-plugin pkg/daemon/criruntime/imageruntime/fake_plugin/main.go && chmod +x pkg/daemon/criruntime/imageruntime/fake_plugin/fake-credential-plugin
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test -race ./pkg/... -coverprofile raw-cover.out
+	rm pkg/daemon/criruntime/imageruntime/fake_plugin/fake-credential-plugin
+	grep -v "pkg/client" raw-cover.out > cover.out
+
+coverage-report: ## Generate cover.html from cover.out
+	go tool cover -html=cover.out -o cover.html
+ifeq ($(GOOS), darwin)
+	open ./cover.html
+else
+	echo "open cover.html with a HTML viewer."
+endif
 
 ##@ Build
 
-build: manifests generate fmt vet ## Build manager binary.
+build: generate fmt vet manifests ## Build manager binary.
 	go build -o bin/manager main.go
 
+build-win-daemon: ## Build Windows daemon binary.
+	GOOS=windows go build -o bin/kruise-daemon.exe ./cmd/daemon/main.go
+
 run: manifests generate fmt vet ## Run a controller from your host.
 	go run ./main.go
 
-docker-build: test ## Build docker image with the manager.
+docker-build: ## Build docker image with the manager.
 	docker build --pull --no-cache . -t ${IMG}
 
 docker-push: ## Push docker image with the manager.
 	docker push ${IMG}
 
+docker-win-daemon: # Build Windows docker image with the daemon
+	docker buildx build -f ./Dockerfile_windows --pull --no-cache --platform=$(WIN_PLATFORMS) . -t $(WIN_DAEMON_IMG)
+
 # Build and push the multiarchitecture docker images and manifest.
 docker-multiarch:
-	docker buildx build --pull --no-cache --platform=$(PLATFORMS) --push . -t $(IMG)
+	docker buildx build -f ./Dockerfile_multiarch --pull --no-cache --platform=$(PLATFORMS) --push . -t $(IMG)
 
 ##@ Deployment
 
@@ -77,27 +106,32 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
 	$(KUSTOMIZE) build config/default | kubectl apply -f -
-	echo -e "resources:\n- manager.yaml" > config/manager/kustomization.yaml
+	$(KUSTOMIZE) build config/daemonconfig | kubectl apply -f -
 
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
 	$(KUSTOMIZE) build config/default | kubectl delete -f -
-
+	$(KUSTOMIZE) build config/daemonconfig | kubectl delete -f -
 
 CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
 controller-gen: ## Download controller-gen locally if necessary.
-	$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.5.0)
 
+# controller-gen@v0.16.5 comply with k8s.io/api v0.30.x
+ifeq ("$(shell $(CONTROLLER_GEN) --version 2> /dev/null)", "Version: v0.16.5")
+else
+	rm -rf $(CONTROLLER_GEN)
+	$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.17.3)
+endif
 KUSTOMIZE = $(shell pwd)/bin/kustomize
 kustomize: ## Download kustomize locally if necessary.
-	$(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v3@v3.8.7)
+	$(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v4@v4.5.5)
 
 GOLANGCI_LINT = $(shell pwd)/bin/golangci-lint
 golangci-lint: ## Download golangci-lint locally if necessary.
-	$(call go-get-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint@v1.42.1)
+	$(call go-get-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.2)
 
 GINKGO = $(shell pwd)/bin/ginkgo
 ginkgo: ## Download ginkgo locally if necessary.
-	$(call go-get-tool,$(GINKGO),github.com/onsi/ginkgo/ginkgo@v1.16.4)
+	$(call go-get-tool,$(GINKGO),github.com/onsi/ginkgo/v2/ginkgo@latest)
 
 # go-get-tool will 'go get' any package $2 and install it to $1.
 PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
@@ -107,9 +141,75 @@ set -e ;\
 TMP_DIR=$$(mktemp -d) ;\
 cd $$TMP_DIR ;\
 go mod init tmp ;\
-echo "replace sigs.k8s.io/controller-tools => github.com/openkruise/controller-tools v0.5.0-kruise-beta.3" >> go.mod ;\
-echo "Downloading $(2)" ;\
-GOBIN=$(PROJECT_DIR)/bin go get $(2) ;\
+echo "Downloading $(2) to $(PROJECT_DIR)/bin" ;\
+GOBIN=$(PROJECT_DIR)/bin go install $(2) ;\
 rm -rf $$TMP_DIR ;\
 }
 endef
+
+include tools/tools.mk
+
+## Location to install dependencies to
+TESTBIN ?= $(shell pwd)/testbin
+$(TESTBIN):
+	mkdir -p $(TESTBIN)
+
+ENVTEST ?= $(TESTBIN)/setup-envtest
+
+.PHONY: envtest
+envtest: $(TESTBIN) ## Download/update envtest-setup to latest version.
+	GOBIN=$(TESTBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+
+# create-cluster creates a kube cluster with kind.
+.PHONY: create-cluster
+create-cluster: $(tools/kind)
+	tools/hack/create-cluster.sh
+
+DISABLE_CSI ?= false
+
+.PHONY: install-csi
+install-csi:
+ifeq ($(DISABLE_CSI), true)
+	@echo "CSI is disabled, skip"
+else
+	cd tools/hack/csi-driver-host-path; ./install-snapshot.sh
+endif
+
+# delete-cluster deletes a kube cluster.
+.PHONY: delete-cluster
+delete-cluster: $(tools/kind) ## Delete kind cluster.
+	$(tools/kind) delete cluster --name ci-testing
+
+# kube-load-image loads a local built docker image into kube cluster.
+.PHONY: kube-load-image
+kube-load-image: $(tools/kind)
+	tools/hack/kind-load-image.sh $(IMG)
+
+# install-kruise install kruise with local build image to kube cluster.
+.PHONY: install-kruise
+install-kruise:
+	kubectl create namespace kruise-system;
+ifeq ($(ENABLE_E2E_CONFIG), true)
+	@echo "Applying e2e config...";
+	kubectl apply -f test/kruise-e2e-config.yaml;
+else
+	@echo "Skipping e2e config application...";
+endif
+	tools/hack/install-kruise.sh $(IMG)
+
+# run-kruise-e2e-test starts to run kruise e2e tests.
+.PHONY: run-kruise-e2e-test
+run-kruise-e2e-test:
+	@echo -e "\n\033[36mRunning kruise e2e tests...\033[0m"
+	tools/hack/run-kruise-e2e-test.sh
+
+generate_helm_crds:
+	scripts/generate_helm_crds.sh
+
+# kruise-e2e-test runs kruise e2e tests.
+.PHONY: kruise-e2e-test
+kruise-e2e-test: $(tools/kind) delete-cluster create-cluster install-csi docker-build kube-load-image install-kruise run-kruise-e2e-test delete-cluster
+
+.PHONY: docker-build-hook
+docker-build-hook:
+	docker buildx build -f ./Dockerfile_helm_hook --pull --no-cache --platform=$(PLATFORMS) --push . -t $(HOOK_IMG)

OWNERS

@@ -3,7 +3,11 @@ approvers:
   - Fei-Guo
   - FillZpp
   - furykerry
+  - zmberg
+  - veophi
 reviewers:
   - Fei-Guo
   - FillZpp
   - furykerry
+  - zmberg
+  - veophi

PROJECT

@@ -11,7 +11,7 @@ resources:
   domain: kruise.io
   group: apps
   kind: AdvancedCronJob
-  path: github.com/openkruise/kruise/api/v1alpha1
+  path: github.com/openkruise/kruise/apis/apps/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
@@ -19,7 +19,7 @@ resources:
   domain: kruise.io
   group: apps
   kind: BroadcastJob
-  path: github.com/openkruise/kruise/api/v1alpha1
+  path: github.com/openkruise/kruise/apis/apps/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
@@ -27,7 +27,7 @@ resources:
   domain: kruise.io
   group: apps
   kind: CloneSet
-  path: github.com/openkruise/kruise/api/v1alpha1
+  path: github.com/openkruise/kruise/apis/apps/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
@@ -35,7 +35,7 @@ resources:
   domain: kruise.io
   group: apps
   kind: ContainerRecreateRequest
-  path: github.com/openkruise/kruise/api/v1alpha1
+  path: github.com/openkruise/kruise/apis/apps/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
@@ -43,7 +43,7 @@ resources:
   domain: kruise.io
   group: apps
   kind: DaemonSet
-  path: github.com/openkruise/kruise/api/v1alpha1
+  path: github.com/openkruise/kruise/apis/apps/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
@@ -51,28 +51,28 @@ resources:
   domain: kruise.io
   group: apps
   kind: ImagePullJob
-  path: github.com/openkruise/kruise/api/v1alpha1
+  path: github.com/openkruise/kruise/apis/apps/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
   domain: kruise.io
   group: apps
   kind: NodeImage
-  path: github.com/openkruise/kruise/api/v1alpha1
+  path: github.com/openkruise/kruise/apis/apps/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
   domain: kruise.io
   group: apps
   kind: ResourceDistribution
-  path: github.com/openkruise/kruise/api/v1alpha1
+  path: github.com/openkruise/kruise/apis/apps/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
   domain: kruise.io
   group: apps
   kind: SidecarSet
-  path: github.com/openkruise/kruise/api/v1alpha1
+  path: github.com/openkruise/kruise/apis/apps/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
@@ -80,7 +80,7 @@ resources:
   domain: kruise.io
   group: apps
   kind: StatefulSet
-  path: github.com/openkruise/kruise/api/v1alpha1
+  path: github.com/openkruise/kruise/apis/apps/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
@@ -88,7 +88,7 @@ resources:
   domain: kruise.io
   group: apps
   kind: UnitedDeployment
-  path: github.com/openkruise/kruise/api/v1alpha1
+  path: github.com/openkruise/kruise/apis/apps/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
@@ -96,7 +96,7 @@ resources:
   domain: kruise.io
   group: apps
   kind: WorkloadSpread
-  path: github.com/openkruise/kruise/api/v1alpha1
+  path: github.com/openkruise/kruise/apis/apps/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
@@ -104,7 +104,7 @@ resources:
   domain: kruise.io
   group: apps
   kind: StatefulSet
-  path: github.com/openkruise/kruise/api/v1beta1
+  path: github.com/openkruise/kruise/apis/apps/v1beta1
   version: v1beta1
 - api:
     crdVersion: v1

README-zh_CN.md

@@ -10,42 +10,32 @@
 
 [English](./README.md) | 简体中文
 
-|![notification](docs/img/bell-outline-badge.svg) 最新进展：|
-|------------------|
-|Sep 6th, 2021. Kruise v0.10.0 发布! 新增 WorkloadSpread、PodUnavailableBudget 控制器以及一系列新功能, please check the [CHANGELOG](CHANGELOG.md) for details.|
-|May 20th, 2021. Kruise v0.9.0 发布! 新增了多种重大功能如 容器重建/重启、删除安全防护等，详情参见 [CHANGELOG](CHANGELOG.md).|
-|Mar 4th, 2021. Kruise v0.8.0 发布! 提供了重构版本的 SidecarSet、UnitedDeployment 支持管理 Deployment，以及一个新的 kruise-daemon 组件目前支持镜像预热，详情参见 [CHANGELOG](CHANGELOG.md).|
-
 ## 介绍
 
-OpenKruise (官网: [https://openkruise.io](https://openkruise.io)) 是托管在 [Cloud Native Computing Foundation](https://cncf.io/) (CNCF) 下的 Sandbox 项目。
+OpenKruise (官网: [https://openkruise.io](https://openkruise.io)) 是CNCF([Cloud Native Computing Foundation](https://cncf.io/)) 的孵化项目。
 它提供一套在 [Kubernetes核心控制器](https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/) 之外的扩展工作负载、应用管理能力。
 
 ## 核心能力
 
-- **通用工作负载**
+- **高级工作负载**
 
-  通用工作负载能帮助你管理 stateless(无状态)、stateful(有状态)、daemon 类型的应用。
+  通用工作负载能帮助你管理 stateless(无状态)、stateful(有状态)、daemon 类型和作业类的应用。
 
   它们不仅支持类似于 Kubernetes 原生 Workloads 的基础功能，还提供了如 **原地升级**、**可配置的扩缩容/发布策略**、**并发操作** 等。
 
   - [**CloneSet** - 无状态应用](https://openkruise.io/zh/docs/user-manuals/cloneset/)
   - [**Advanced StatefulSet** - 有状态应用](https://openkruise.io/zh/docs/user-manuals/advancedstatefulset)
   - [**Advanced DaemonSet** - daemon 类型应用](https://openkruise.io/zh/docs/user-manuals/advanceddaemonset)
-
-- **任务工作负载**
-
   - [**BroadcastJob** - 部署任务到一批特定节点上](https://openkruise.io/zh/docs/user-manuals/broadcastjob)
   - [**AdvancedCronJob** - 周期性地创建 Job 或 BroadcastJob](https://openkruise.io/zh/docs/user-manuals/advancedcronjob)
 
 - **Sidecar 容器管理**
 
-  Sidecar 容器可以很简单地通过 **SidecarSet** 来定义，然后 Kruise 会将它们注入到所有匹配的 Pod 中。
-
-  它是通过 Kubernetes webhook 机制来实现的，和 [istio](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/) 的注入实现方式类似，
-  但是它允许你指定管理你自己的 sidecar 容器。
+  Kruise通过**SidecarSet**简化了Sidecar的注入， 并提供了sidecar原地升级的能力。另外， Kruise提供了增强的sidecar启动、退出的控制
 
   - [**SidecarSet** - 定义和升级你的 sidecar 容器](https://openkruise.io/zh/docs/user-manuals/sidecarset)
+  - [**Container Launch Priority** 控制sidecar启动顺序](https://openkruise.io/zh/docs/user-manuals/containerlaunchpriority)
+  - [**Sidecar Job Terminator** 当 Job 类 Pod 主容器退出后，Terminator Sidecar容器](https://openkruise.io/zh/docs/user-manuals/jobsidecarterminator)
 
 - **多区域管理**
 
@@ -60,6 +50,9 @@ OpenKruise (官网: [https://openkruise.io](https://openkruise.io)) 是托管在
 
   - [原地重启 pod 中的容器](https://openkruise.io/zh/docs/user-manuals/containerrecreaterequest)
   - [指定的一批节点上拉取镜像](https://openkruise.io/zh/docs/user-manuals/imagepulljob)
+  - [**ResourceDistribution** 支持 Secret、Configmaps 资源跨 Namespace 分发](https://openkruise.io/zh/docs/user-manuals/resourcedistribution)
+  - [**PersistentPodState** 保持Pod的一些状态，比如："固定IP调度"](https://openkruise.io/zh/docs/user-manuals/persistentpodstate)
+  - [**PodProbeMarker** 提供自定义Probe探测的能力](https://openkruise.io/zh/docs/user-manuals/podprobemarker)
 
 - **应用安全防护**
 
@@ -68,20 +61,19 @@ OpenKruise (官网: [https://openkruise.io](https://openkruise.io)) 是托管在
 
 ## 快速开始
 
-我们强烈建议在 **Kubernetes >= 1.16** 以上版本的集群中使用 Kruise，使用 helm v3.1.0+ 执行安装即可：
-
-```bash
-helm install kruise https://github.com/openkruise/kruise/releases/download/v0.10.0/kruise-chart.tgz
-```
-
-> 注意直接安装 chart 会使用默认的 template values，你也可以根据你的集群情况指定一些特殊配置，比如修改 resources 限制或者配置 feature-gates。
-
-更多的安装/升级细节、或者更老版本的 Kubernetes 集群，可以查看 [这个文档](https://openkruise.io/docs/installation)。
-
-## 文档
-
 你可以在 [OpenKruise website](https://openkruise.io/zh/docs/) 查看到完整的文档集。
 
+- 安装/升级 Kruise [稳定版本](https://openkruise.io/docs/installation)
+- 安装/升级 Kruise [最新版本（包括 alpha/beta/rc）](https://openkruise.io/docs/next/installation)
+
+### 在阿里云上快速体验
+
+- 3分钟内在阿里云上创建 Kruise 体验环境:
+
+  <a href="https://acs.console.aliyun.com/quick-deploy?repo=openkruise/charts&branch=master&paths=%5B%22versions/kruise/1.7.3%22%5D" target="_blank">
+    <img src="https://img.alicdn.com/imgextra/i1/O1CN01aiPSuA1Wiz7wkgF5u_!!6000000002823-55-tps-399-70.svg" width="200" alt="Deploy on Alibaba Cloud">
+  </a>
+
 ## 用户
 
 登记: [如果贵司正在使用 Kruise 请留言](https://github.com/openkruise/kruise/issues/289)
@@ -92,6 +84,9 @@ helm install kruise https://github.com/openkruise/kruise/releases/download/v0.10
 - 小红书, 比心, 永辉科技中心, 跟谁学, 哈啰出行
 - Spectro Cloud, 艾佳生活, Arkane Systems, 滴普科技, 火花思维
 - OPPO, 苏宁, 欢聚时代, 汇量科技, 深圳凤凰木网络有限公司
+- 小米, 网易, 美团金融, 虾皮购物, e签宝
+- LinkedIn, 雪球, 兴盛优选, Wholee, LilithGames, Baidu
+- Bilibili, 冠赢互娱, MeiTuan, 同城
 
 ## 贡献
 
@@ -103,11 +98,17 @@ helm install kruise https://github.com/openkruise/kruise/releases/download/v0.10
 
 - Slack: [OpenKruise channel](https://kubernetes.slack.com/channels/openkruise) (*English*)
 - 钉钉：搜索群ID `23330762` (*Chinese*)
+- 微信：添加用户 `openkruise` 并让机器人拉你入群 (*Chinese*)
 - 社区双周会 (APAC, *Chinese*):
-  - 周四 19:00 GMT+8 (Asia/Shanghai)
-  - [进入会议(zoom)](https://us02web.zoom.us/j/87059136652?pwd=NlI4UThFWXVRZkxIU0dtR1NINncrQT09)
+  - 周四 19:30 GMT+8 (Asia/Shanghai)
+  - 进入会议(钉钉): 搜索群ID `23330762`
   - [会议纪要](https://shimo.im/docs/gXqmeQOYBehZ4vqo)
 - Bi-weekly Community Meeting (*English*): TODO
+  - [进入会议(zoom)](https://us02web.zoom.us/j/87059136652?pwd=NlI4UThFWXVRZkxIU0dtR1NINncrQT09)
+
+## 安全
+
+汇报安全漏洞请通过邮箱kubernetes-security@service.aliyun.com, 更多安全细节并参见[SECURITY.md](SECURITY.md)
 
 ## License
 

README.md

@@ -3,49 +3,40 @@
 [![License](https://img.shields.io/badge/license-Apache%202-4EB1BA.svg)](https://www.apache.org/licenses/LICENSE-2.0.html)
 [![Go Report Card](https://goreportcard.com/badge/github.com/openkruise/kruise)](https://goreportcard.com/report/github.com/openkruise/kruise)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/2908/badge)](https://bestpractices.coreinfrastructure.org/en/projects/2908)
-[![Build Status](https://travis-ci.org/openkruise/kruise.svg?branch=master)](https://travis-ci.org/openkruise/kruise)
+[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/openkruise/kruise/badge)](https://scorecard.dev/viewer/?uri=github.com/openkruise/kruise)
 [![CircleCI](https://circleci.com/gh/openkruise/kruise.svg?style=svg)](https://circleci.com/gh/openkruise/kruise)
 [![codecov](https://codecov.io/gh/openkruise/kruise/branch/master/graph/badge.svg)](https://codecov.io/gh/openkruise/kruise)
 [![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-v2.0%20adopted-ff69b4.svg)](./CODE_OF_CONDUCT.md)
+[![Gurubase](https://img.shields.io/badge/Gurubase-Ask%20Kruise%20Guru-006BFF)](https://gurubase.io/g/kruise)
 
 English | [简体中文](./README-zh_CN.md)
 
-|![notification](docs/img/bell-outline-badge.svg) What is NEW!|
-|------------------|
-|Sep 6th, 2021. Kruise v0.10.0 is **RELEASED**! It provides new controllers like WorkloadSpread and PodUnavailableBudget, please check the [CHANGELOG](CHANGELOG.md) for details.|
-|May 20th, 2021. Kruise v0.9.0 is **RELEASED**! It provides great features such as ContainerRecreate and DeletionProtection, please check the [CHANGELOG](CHANGELOG.md) for details.|
-|Mar 4th, 2021. Kruise v0.8.0 is **RELEASED**! It provides refactoring SidecarSet, Deployment hosted by UnitedDeployment, and a new kruise-daemon component which supports image pre-download, please check the [CHANGELOG](CHANGELOG.md) for details.|
-
 ## Introduction
 
-OpenKruise  (official site: [https://openkruise.io](https://openkruise.io)) is now hosted by the [Cloud Native Computing Foundation](https://cncf.io/) (CNCF) as a Sandbox Level Project.
+OpenKruise  (official site: [https://openkruise.io](https://openkruise.io)) is a CNCF([Cloud Native Computing Foundation](https://cncf.io/)) incubating project.
 It consists of several controllers which extend and complement the [Kubernetes core controllers](https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/) for workload and application management.
 
 ## Key Features
 
-- **Typical Workloads**
+- **Advance Workloads**
 
-  Typical Workloads can help you manage applications of stateless, stateful and daemon.
+  Advance Workloads can help you manage applications of stateless, stateful, daemon and job.
 
   They all support not only the basic features which are similar to the original Workloads in Kubernetes, but also more advanced abilities like **in-place update**, **configurable scale/upgrade strategies**, **parallel operations**.
 
   - [**CloneSet** for stateless applications](https://openkruise.io/docs/user-manuals/cloneset/)
   - [**Advanced StatefulSet** for stateful applications](https://openkruise.io/docs/user-manuals/advancedstatefulset)
   - [**Advanced DaemonSet** for daemon applications](https://openkruise.io/docs/user-manuals/advanceddaemonset)
-
-- **Job Workloads**
-
   - [**BroadcastJob** for deploying jobs over specific nodes](https://openkruise.io/docs/user-manuals/broadcastjob)
   - [**AdvancedCronJob** for creating Job or BroadcastJob periodically](https://openkruise.io/docs/user-manuals/advancedcronjob)
 
 - **Sidecar container Management**
 
-  The Sidecar containers can be simply defined in the **SidecarSet** custom resource and Kruise will inject them into all Pods matched.
-
-  The implementation is done by using Kubernetes mutating webhooks, similar to what [istio](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/) does.
-  However, it allows you to explicitly manage your own sidecars.
+  Kruise simplifies sidecar injection and enables sidecar in-place update. Kruise also enhances the sidecar startup and termination control.
 
   - [**SidecarSet** for defining and upgrading your own sidecars](https://openkruise.io/docs/user-manuals/sidecarset)
+  - [**Container Launch Priority** to control the container startup orders](https://openkruise.io/docs/user-manuals/containerlaunchpriority)
+  - [**Sidecar Job Terminator** terminates sidecar containers for such job-type Pods when its main containers completed.](https://openkruise.io/docs/user-manuals/jobsidecarterminator)
 
 - **Multi-domain Management**
 
@@ -59,8 +50,11 @@ It consists of several controllers which extend and complement the [Kubernetes c
 
 - **Enhanced Operations**
 
-  - [Restart containers in a running pod](https://openkruise.io/docs/user-manuals/containerrecreaterequest)
-  - [Download images on specific nodes](https://openkruise.io/docs/user-manuals/imagepulljob)
+  - [**ContainerRecreateRequest** provides a way to let users restart/recreate containers in a running pod](https://openkruise.io/docs/user-manuals/containerrecreaterequest)
+  - [**ImagePullJob** pre-download images on specific nodes](https://openkruise.io/docs/user-manuals/imagepulljob)
+  - [**ResourceDistribution** support Secret & ConfigMap resource distribution across namespaces](https://openkruise.io/docs/user-manuals/resourcedistribution)
+  - [**PersistentPodState** is able to persistent states of the Pod, such as "IP Retention"](https://openkruise.io/docs/user-manuals/persistentpodstate)
+  - [**PodProbeMarker** provides the ability to customize the Probe and return the result to the Pod](https://openkruise.io/docs/user-manuals/podprobemarker)
 
 - **Application Protection**
 
@@ -69,22 +63,19 @@ It consists of several controllers which extend and complement the [Kubernetes c
 
 ## Quick Start
 
-We strongly recommend you to use Kruise with **Kubernetes version >= 1.16**.
-For these clusters, you can simply install Kruise with helm v3.1.0+:
-
-```bash
-helm install kruise https://github.com/openkruise/kruise/releases/download/v0.10.0/kruise-chart.tgz
-```
-
-> Note that installing this chart directly means it will use the default template values for the kruise-manager.
-You may have to set your specific configurations when it is deployed into a production cluster or you want to configure feature-gates.
-
-For more install/upgrade details or older Kubernetes versions, please read [this doc](https://openkruise.io/docs/installation).
-
-## Documentation
-
 You can view the full documentation from the [OpenKruise website](https://openkruise.io/docs/).
 
+- Install or upgrade Kruise with [the stable version](https://openkruise.io/docs/installation).
+- Install or upgrade Kruise with [the latest version including alpha/beta/rc](https://openkruise.io/docs/next/installation).
+
+### Get Your Own Demo with Alibaba Cloud
+
+- install Kruise on a Serverless K8S cluster in 3 minutes, try:
+
+  <a href="https://acs.console.aliyun.com/quick-deploy?repo=openkruise/charts&branch=master&paths=%5B%22versions/kruise/1.8.0%22%5D" target="_blank">
+    <img src="https://img.alicdn.com/imgextra/i1/O1CN01aiPSuA1Wiz7wkgF5u_!!6000000002823-55-tps-399-70.svg" width="200" alt="Deploy on Alibaba Cloud">
+  </a>
+
 ## Users
 
 Registration: [Who is using Kruise](https://github.com/openkruise/kruise/issues/289)
@@ -94,7 +85,10 @@ Registration: [Who is using Kruise](https://github.com/openkruise/kruise/issues/
 - Lyft, Ctrip, 享住智慧, VIPKID, zhangmen
 - xiaohongshu, bixin, 永辉科技中心, 跟谁学, 哈啰出行
 - Spectro Cloud, ihomefnt, Arkane Systems, Deepexi, 火花思维
-- OPPO, Suning.cn, joyy, Mobvista
+- OPPO, Suning.cn, joyy, Mobvista, 深圳凤凰木网络有限公司
+- xiaomi, Netease, MeiTuan Finance, Shopee, Esign
+- LinkedIn, 雪球, 兴盛优选, Wholee, LilithGames, Baidu
+- Bilibili, 冠赢互娱, MeiTuan, 同城
 
 ## Contributing
 
@@ -105,12 +99,17 @@ You are warmly welcome to hack on Kruise. We have prepared a detailed guide [CON
 Active communication channels:
 
 - Slack: [OpenKruise channel](https://kubernetes.slack.com/channels/openkruise) (*English*)
-- DingTalk：Search Group ID `23330762` (*Chinese*)
+- DingTalk：Search GroupID `23330762` (*Chinese*)
+- WeChat: Search User `openkruise` and let the robot invite you (*Chinese*)
 - Bi-weekly Community Meeting (APAC, *Chinese*):
-  - Thursday 19:00 GMT+8 (Asia/Shanghai), [Calendar](https://calendar.google.com/calendar/u/2?cid=MjdtbDZucXA2bjVpNTFyYTNpazV2dW8ybHNAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ)
-  - [Meeting Link(zoom)](https://us02web.zoom.us/j/87059136652?pwd=NlI4UThFWXVRZkxIU0dtR1NINncrQT09)
+  - Thursday 19:30 GMT+8 (Asia/Shanghai), [Calendar](https://calendar.google.com/calendar/u/2?cid=MjdtbDZucXA2bjVpNTFyYTNpazV2dW8ybHNAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ)
+  - Join Meeting(DingTalk): Search GroupID `23330762` (*Chinese*)
   - [Notes and agenda](https://shimo.im/docs/gXqmeQOYBehZ4vqo)
 - Bi-weekly Community Meeting (*English*): TODO
+  - [Meeting Link(zoom)](https://us02web.zoom.us/j/87059136652?pwd=NlI4UThFWXVRZkxIU0dtR1NINncrQT09)
+
+## Security
+Please report vulnerabilities by email to kubernetes-security@service.aliyun.com. Also see our [SECURITY.md](SECURITY.md) file for details.
 
 ## License
 

RELEASE-PROCESS.md

@@ -0,0 +1,72 @@
+# Release Process
+
+The release process of a new version of Kruise involves the following:
+
+*(Currently only the [maintainers](https://github.com/openkruise/community/blob/master/MAINTAINERS.md) are eligible to release a new version)*
+
+## 0. Prerequisites
+
+Look at [the last release](https://github.com/openkruise/kruise/releases/latest) in the releases page:
+
+- For example, at the time of writing, it was v1.2.0
+- The next version will thus be v1.3.0
+
+## 1. Changelog
+
+Add a new section in [CHANGELOG.md](./CHANGELOG.md) for the new version that is being released along with the new features, patches and deprecations it introduces.
+
+It should not include every single change but solely what matters to our customers, for example, an issue template that has changed is not important.
+
+## 2. Publish documentation for new version
+
+Publish documentation for new version on [https://openkruise.io](https://openkruise.io).
+
+Fork [openkruise/openkruise.io](https://github.com/openkruise/openkruise.io), create a version from current using `yarn run docusaurus docs:version <VERSION>`.
+
+## 3. Create Kruise release on GitHub
+
+Creating a new release in the [releases page](https://github.com/openkruise/kruise/releases) will trigger a GitHub workflow which will create a new image with the latest code and tagged with the next version (in this example v1.3.0).
+
+## 4. Release template
+
+Every release should use the template provided below to create the GitHub release.
+
+Here's the template:
+
+```
+#### To install or upgrade to the old version, see [installation doc](https://openkruise.io/docs/installation/).
+
+## Changes since v1.2.0
+
+### New CRD and Controller: XXX
+
+### CloneSet
+
+### XXX
+
+### Others
+
+Thanks to all our contributors! 😊
+```
+
+## 5. Prepare our Helm Chart
+
+Before we can release our new Helm chart version, we need to prepare it:
+
+1. Create a new chart version with the updated version and appVersion in our [chart repository](https://github.com/openkruise/charts/tree/master/versions/kruise).
+2. Update the CRDs & Kubernetes resources based on the release artifact (YAML)
+
+## 6. Ship new Helm chart
+
+Submit a PR to merge the new release,
+and then the [Publish action](https://github.com/openkruise/charts/actions/workflows/publish.yaml) will automatically package and publish it.
+
+## 7. Prepare next release
+
+As per our [release governance](./RELEASES.md), we need to create a new shipping cycle in our project settings with a target date in 2 to 3 months after the last cycle.
+
+Lastly, a new [milestone](https://github.com/openkruise/kruise/milestones) should be created to maintain the changes of next release.
+
+## 8. Announcement
+
+Announce the new release in Slack channel, DingTalk and WeChat groups.

RELEASES.md

@@ -0,0 +1,37 @@
+# RELEASES
+
+This document describes how Kruise handles versioning, releases new versions and communicates about them.
+
+Kruise uses semantic versioning so that their users can reliably upgrade according to their needs.
+
+## Release Cycle
+
+Kruise is using a release schedule of 2 to 3 months and uses [GitHub milestones](https://github.com/openkruise/kruise/milestones) to provide an indication of when the next release is planned.
+It can, however, happen that releases get delayed which will be reflected on the milestone.
+
+## Release Process
+
+You can learn about our release process [here](./RELEASE-PROCESS.md).
+
+## Keeping Track Of Changes
+
+We provide a changelog that includes every change per version must be available as part of the repo, for example, here is the [changelog for Kruise](./CHANGELOG.md).
+
+Next to that, every closed issue and PR should be added to a GitHub Milestone that provides an overview of everything that will be included and provide an indication of what the current intended release date is.
+However, the release date is subject to change and only provides an indication.
+
+Lastly, every new release will come with a GitHub Release which provides the exact changelog for that release.
+
+## Get Notified For New Releases
+
+If you want to be notified of new releases, we recommend [watching](https://docs.github.com/en/github/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#configuring-your-watch-settings-for-an-individual-repository) our [openkruise/kruise repository](https://github.com/openkruise/kruise) on GitHub and ensure you are subscribing for releases.
+
+Next to that, you can join the conversation for every new release on GitHub Discussions.
+
+## Support
+
+- [User Documentation](https://openkruise.io/docs/)
+- Community
+  - [GitHub Discussions](https://github.com/openkruise/kruise/discussions/new)
+  - [Channel #openkruise in Kubernetes Slack](https://kubernetes.slack.com/channels/openkruise) ([registration](http://slack.k8s.io/))
+  - DingTalk：Search GroupID 23330762 (Chinese)

SECURITY.md

@@ -9,9 +9,10 @@ Here's an overview:
 
 | Version | Supported           |
 | ------- | ------------------- |
-| 0.10.x   | :white_check_mark: |
-| 0.9.x   | :white_check_mark:  |
-| < 0.9   | :x:                 |
+| 1.16.x   | :white_check_mark: |
+| 1.15.x   | :white_check_mark:  |
+| 1.14.x   | :white_check_mark:  |
+| < 1.14   | :x:                 |
 
 ## Prevention
 
@@ -26,16 +27,9 @@ Kruise maintainers are working to improve our prevention by adding additional me
 
 We strive to ship secure software, but we need the community to help us find security breaches.
 
-In case of a confirmed breach, reporters will get full credit and can be keep in the loop, if
-preferred.
+In case of a confirmed breach, reporters will get full credit and can be keep in the loop, if preferred.
 
-### Private Disclosure Processes
-
-We ask that all suspected vulnerabilities be privately and responsibly disclosed by [contacting our maintainers](mailto:cncf-openkruise-maintainers@lists.cncf.io).
-
-### Public Disclosure Processes
-
-If you know of a publicly disclosed security vulnerability please IMMEDIATELY email the [OpenKruise maintainers](mailto:cncf-openkruise-maintainers@lists.cncf.io) to inform about the vulnerability so they may start the patch, release, and communication process.
+DO NOT CREATE AN ISSUE to report a security problem. Instead, please send an email to kubernetes-security@service.aliyun.com
 
 ### Compensation
 

SECURITY_CONTACTS.md

@@ -0,0 +1,10 @@
+Defined below are the security persons of contact for this project. If you have questions regarding the triaging and handling of incoming problems, they may be contacted.
+
+The following security contacts have agreed to abide by the [Embargo Policy](embargo-policy.md) and will be removed and replaced if found to be in violation of that agreement.
+
+DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, USE THE INSTRUCTIONS AT [SECURITY.md](SECURITY.md)
+
+Security Contacts:
+* [Zhen Zhang](mailto:shouchen.zz@alibaba-inc.com)
+* [Mingshan Zhao](mailto:liheng.zms@alibaba-inc.com)
+

SECURITY_RESPONSE.md

@@ -0,0 +1,84 @@
+# Incident response
+
+This serves to define how potential security issues should be triaged, how
+confirmation occurs, providing the notification, and issuing a security advisory
+as well as patch/release.
+
+## Triage
+
+### Identify the problem
+
+Triaging issues allows maintainers to focus resources on the most critically
+impacting problems. Potential security risks should be evaluated against the
+following information:
+
+* Which component(s) of the project is impacted?
+* What kind of problem is this?
+  * privilege escalation
+  * credential access
+  * code execution
+  * exfiltration
+  * lateral movement
+* How complex is the problem?
+* Is user interaction required?
+* What privileges are required for this problem to occur?
+  * admin
+  * general
+* What is the potential impact or consequence of the problem?
+* Does an exploit exist?
+
+Any potential problem that has an exploit, permits privilege escalation, is
+simple, and does not require user interaction should be evaluated immediately.
+[CVSS Version 3.1](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator) can be
+a helpful tool in evaluating the criticality of reported issues.
+
+### Acknowledge receipt of the problem
+
+Respond to the reporter and notify them that you have received and begun reviewing the problem. Remind them of the [embargo policy](https://github.com/cncf/tag-security/blob/231b87f371274b2d68def2c6a35a719210836191/project-resources/templates/embargo-policy.md), and provide them
+information on who to contact/follow-up with if they have questions. Estimate when they can expect to receive an update. Create a calendar reminder to contact them again by that date to provide an update.
+
+### Replicate the problem
+
+Follow the instructions relayed in the problem. If the instructions are
+insufficient, contact the reporter and ask for more information.
+
+If the problem cannot be replicated, re-engage the reporter, let them know it
+cannot be replicated, and work with them to find a remediation.
+
+If the problem can be replicated, re-evaluate the criticality of the problem, and
+begin working on a remediation. Begin a draft security advisory.
+
+Notify the reporter you were able to replicate the problem and have begun working
+on a fix. Remind them of the [embargo policy](https://github.com/cncf/tag-security/blob/231b87f371274b2d68def2c6a35a719210836191/project-resources/templates/embargo-policy.md). If necessary, notify them of an
+extension (only for very complex problems where remediation cannot be issued
+within the project's specified window).
+
+#### Request a CVE number
+
+If a CVE has already been provided, be sure to include it on the advisory. If
+one has not yet been created, [GitHub functions as a CVE Numbering Authority](https://docs.github.com/en/code-security/security-advisories/about-github-security-advisories#cve-identification-numbers)
+and allows you to request one as part of the security advisory process. Provide
+all required information and as much optional information as we can. The CVE
+number is shown as reserved with no further details until notified it has been
+published.
+
+## Notification
+
+Once the problem has been replicated and a remediation is in place, notify
+subscribed parties with a security bulletin (use [this template](https://github.com/cncf/tag-security/blob/231b87f371274b2d68def2c6a35a719210836191/project-resources/templates/embargo.md)) and the expected publishing date.
+
+## Publish and release
+
+Once a CVE number has been assigned, publish and release the updated
+version/patch. Be sure to notify the CVE group when published so the CVE details
+are searchable. Be sure to give credit to the reporter by *[editing the security
+advisory](https://docs.github.com/en/github/managing-security-vulnerabilities/editing-a-security-advisory#about-credits-for-security-advisories)*
+as they took the time to notify and work with you on the problem!
+
+### Issue a security advisory
+
+Follow the instructions from [GitHub to publish the security advisory previously
+drafted](https://docs.github.com/en/github/managing-security-vulnerabilities/publishing-a-security-advisory).
+
+For more information on security advisories, please refer to the [GitHub
+Article](https://docs.github.com/en/code-security/security-advisories/about-github-security-advisories).

apis/apps/defaults/pod.go

@@ -47,20 +47,20 @@ func SetDefaultPodSpec(in *corev1.PodSpec) {
 		v1.SetDefaults_ResourceList(&a.Resources.Requests)
 		if a.LivenessProbe != nil {
 			v1.SetDefaults_Probe(a.LivenessProbe)
-			if a.LivenessProbe.Handler.HTTPGet != nil {
-				v1.SetDefaults_HTTPGetAction(a.LivenessProbe.Handler.HTTPGet)
+			if a.LivenessProbe.ProbeHandler.HTTPGet != nil {
+				v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet)
 			}
 		}
 		if a.ReadinessProbe != nil {
 			v1.SetDefaults_Probe(a.ReadinessProbe)
-			if a.ReadinessProbe.Handler.HTTPGet != nil {
-				v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.Handler.HTTPGet)
+			if a.ReadinessProbe.ProbeHandler.HTTPGet != nil {
+				v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet)
 			}
 		}
 		if a.StartupProbe != nil {
 			v1.SetDefaults_Probe(a.StartupProbe)
-			if a.StartupProbe.Handler.HTTPGet != nil {
-				v1.SetDefaults_HTTPGetAction(a.StartupProbe.Handler.HTTPGet)
+			if a.StartupProbe.ProbeHandler.HTTPGet != nil {
+				v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet)
 			}
 		}
 		if a.Lifecycle != nil {
@@ -101,20 +101,20 @@ func SetDefaultPodSpec(in *corev1.PodSpec) {
 		v1.SetDefaults_ResourceList(&a.Resources.Requests)
 		if a.LivenessProbe != nil {
 			v1.SetDefaults_Probe(a.LivenessProbe)
-			if a.LivenessProbe.Handler.HTTPGet != nil {
-				v1.SetDefaults_HTTPGetAction(a.LivenessProbe.Handler.HTTPGet)
+			if a.LivenessProbe.ProbeHandler.HTTPGet != nil {
+				v1.SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet)
 			}
 		}
 		if a.ReadinessProbe != nil {
 			v1.SetDefaults_Probe(a.ReadinessProbe)
-			if a.ReadinessProbe.Handler.HTTPGet != nil {
-				v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.Handler.HTTPGet)
+			if a.ReadinessProbe.ProbeHandler.HTTPGet != nil {
+				v1.SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet)
 			}
 		}
 		if a.StartupProbe != nil {
 			v1.SetDefaults_Probe(a.StartupProbe)
-			if a.StartupProbe.Handler.HTTPGet != nil {
-				v1.SetDefaults_HTTPGetAction(a.StartupProbe.Handler.HTTPGet)
+			if a.StartupProbe.ProbeHandler.HTTPGet != nil {
+				v1.SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet)
 			}
 		}
 		if a.Lifecycle != nil {
@@ -150,20 +150,20 @@ func SetDefaultPodSpec(in *corev1.PodSpec) {
 		v1.SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests)
 		if a.EphemeralContainerCommon.LivenessProbe != nil {
 			v1.SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe)
-			if a.EphemeralContainerCommon.LivenessProbe.Handler.HTTPGet != nil {
-				v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.Handler.HTTPGet)
+			if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil {
+				v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet)
 			}
 		}
 		if a.EphemeralContainerCommon.ReadinessProbe != nil {
 			v1.SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe)
-			if a.EphemeralContainerCommon.ReadinessProbe.Handler.HTTPGet != nil {
-				v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.Handler.HTTPGet)
+			if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil {
+				v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet)
 			}
 		}
 		if a.EphemeralContainerCommon.StartupProbe != nil {
 			v1.SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe)
-			if a.EphemeralContainerCommon.StartupProbe.Handler.HTTPGet != nil {
-				v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.Handler.HTTPGet)
+			if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil {
+				v1.SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet)
 			}
 		}
 		if a.EphemeralContainerCommon.Lifecycle != nil {
@@ -192,12 +192,6 @@ func SetDefaultPodVolumes(volumes []corev1.Volume) {
 		if a.VolumeSource.Secret != nil {
 			v1.SetDefaults_SecretVolumeSource(a.VolumeSource.Secret)
 		}
-		if a.VolumeSource.ISCSI != nil {
-			v1.SetDefaults_ISCSIVolumeSource(a.VolumeSource.ISCSI)
-		}
-		if a.VolumeSource.RBD != nil {
-			v1.SetDefaults_RBDVolumeSource(a.VolumeSource.RBD)
-		}
 		if a.VolumeSource.DownwardAPI != nil {
 			v1.SetDefaults_DownwardAPIVolumeSource(a.VolumeSource.DownwardAPI)
 			for j := range a.VolumeSource.DownwardAPI.Items {
@@ -210,9 +204,6 @@ func SetDefaultPodVolumes(volumes []corev1.Volume) {
 		if a.VolumeSource.ConfigMap != nil {
 			v1.SetDefaults_ConfigMapVolumeSource(a.VolumeSource.ConfigMap)
 		}
-		if a.VolumeSource.AzureDisk != nil {
-			v1.SetDefaults_AzureDiskVolumeSource(a.VolumeSource.AzureDisk)
-		}
 		if a.VolumeSource.Projected != nil {
 			v1.SetDefaults_ProjectedVolumeSource(a.VolumeSource.Projected)
 			for j := range a.VolumeSource.Projected.Sources {
@@ -230,8 +221,5 @@ func SetDefaultPodVolumes(volumes []corev1.Volume) {
 				}
 			}
 		}
-		if a.VolumeSource.ScaleIO != nil {
-			v1.SetDefaults_ScaleIOVolumeSource(a.VolumeSource.ScaleIO)
-		}
 	}
 }

apis/apps/defaults/v1alpha1.go

@@ -23,28 +23,60 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	v1 "k8s.io/kubernetes/pkg/apis/core/v1"
-	utilpointer "k8s.io/utils/pointer"
+	"k8s.io/utils/ptr"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+)
+
+const (
+	// ProtectionFinalizer is designed to ensure the GC of resources.
+	ProtectionFinalizer = "apps.kruise.io/deletion-protection"
 )
 
 // SetDefaults_SidecarSet set default values for SidecarSet.
 func SetDefaultsSidecarSet(obj *v1alpha1.SidecarSet) {
-	setSidecarSetUpdateStratety(&obj.Spec.UpdateStrategy)
+	setSidecarSetUpdateStrategy(&obj.Spec.UpdateStrategy)
 
 	for i := range obj.Spec.InitContainers {
-		setSidecarDefaultContainer(&obj.Spec.InitContainers[i])
+		setDefaultSidecarContainer(&obj.Spec.InitContainers[i], v1alpha1.AfterAppContainerType)
 	}
 
 	for i := range obj.Spec.Containers {
-		setDefaultSidecarContainer(&obj.Spec.Containers[i])
+		setDefaultSidecarContainer(&obj.Spec.Containers[i], v1alpha1.BeforeAppContainerType)
 	}
 
 	//default setting volumes
 	SetDefaultPodVolumes(obj.Spec.Volumes)
+
+	//default setting history revision limitation
+	SetDefaultRevisionHistoryLimit(&obj.Spec.RevisionHistoryLimit)
+
+	// default patchPolicy is 'Retain'
+	for i := range obj.Spec.PatchPodMetadata {
+		patch := &obj.Spec.PatchPodMetadata[i]
+		if patch.PatchPolicy == "" {
+			patch.PatchPolicy = v1alpha1.SidecarSetRetainPatchPolicy
+		}
+	}
+
+	//default setting injectRevisionStrategy
+	SetDefaultInjectRevision(&obj.Spec.InjectionStrategy)
 }
 
-func setDefaultSidecarContainer(sidecarContainer *v1alpha1.SidecarContainer) {
+func SetDefaultInjectRevision(strategy *v1alpha1.SidecarSetInjectionStrategy) {
+	if strategy.Revision != nil && strategy.Revision.Policy == "" {
+		strategy.Revision.Policy = v1alpha1.AlwaysSidecarSetInjectRevisionPolicy
+	}
+}
+
+func SetDefaultRevisionHistoryLimit(revisionHistoryLimit **int32) {
+	if *revisionHistoryLimit == nil {
+		*revisionHistoryLimit = ptr.To(int32(10))
+	}
+}
+
+func setDefaultSidecarContainer(sidecarContainer *v1alpha1.SidecarContainer, injectPolicy v1alpha1.PodInjectPolicyType) {
 	if sidecarContainer.PodInjectPolicy == "" {
-		sidecarContainer.PodInjectPolicy = v1alpha1.BeforeAppContainerType
+		sidecarContainer.PodInjectPolicy = injectPolicy
 	}
 	if sidecarContainer.UpgradeStrategy.UpgradeType == "" {
 		sidecarContainer.UpgradeStrategy.UpgradeType = v1alpha1.SidecarContainerColdUpgrade
@@ -53,10 +85,10 @@ func setDefaultSidecarContainer(sidecarContainer *v1alpha1.SidecarContainer) {
 		sidecarContainer.ShareVolumePolicy.Type = v1alpha1.ShareVolumePolicyDisabled
 	}
 
-	setSidecarDefaultContainer(sidecarContainer)
+	setDefaultContainer(sidecarContainer)
 }
 
-func setSidecarSetUpdateStratety(strategy *v1alpha1.SidecarSetUpdateStrategy) {
+func setSidecarSetUpdateStrategy(strategy *v1alpha1.SidecarSetUpdateStrategy) {
 	if strategy.Type == "" {
 		strategy.Type = v1alpha1.RollingUpdateSidecarSetStrategyType
 	}
@@ -70,7 +102,7 @@ func setSidecarSetUpdateStratety(strategy *v1alpha1.SidecarSetUpdateStrategy) {
 	}
 }
 
-func setSidecarDefaultContainer(sidecarContainer *v1alpha1.SidecarContainer) {
+func setDefaultContainer(sidecarContainer *v1alpha1.SidecarContainer) {
 	container := &sidecarContainer.Container
 	v1.SetDefaults_Container(container)
 	for i := range container.Ports {
@@ -79,6 +111,12 @@ func setSidecarDefaultContainer(sidecarContainer *v1alpha1.SidecarContainer) {
 			p.Protocol = "TCP"
 		}
 	}
+	for i := range sidecarContainer.TransferEnv {
+		tEnv := &sidecarContainer.TransferEnv[i]
+		if tEnv.SourceContainerNameFrom != nil {
+			v1.SetDefaults_ObjectFieldSelector(tEnv.SourceContainerNameFrom.FieldRef)
+		}
+	}
 	for i := range container.Env {
 		e := &container.Env[i]
 		if e.ValueFrom != nil {
@@ -91,14 +129,14 @@ func setSidecarDefaultContainer(sidecarContainer *v1alpha1.SidecarContainer) {
 	v1.SetDefaults_ResourceList(&container.Resources.Requests)
 	if container.LivenessProbe != nil {
 		v1.SetDefaults_Probe(container.LivenessProbe)
-		if container.LivenessProbe.Handler.HTTPGet != nil {
-			v1.SetDefaults_HTTPGetAction(container.LivenessProbe.Handler.HTTPGet)
+		if container.LivenessProbe.ProbeHandler.HTTPGet != nil {
+			v1.SetDefaults_HTTPGetAction(container.LivenessProbe.ProbeHandler.HTTPGet)
 		}
 	}
 	if container.ReadinessProbe != nil {
 		v1.SetDefaults_Probe(container.ReadinessProbe)
-		if container.ReadinessProbe.Handler.HTTPGet != nil {
-			v1.SetDefaults_HTTPGetAction(container.ReadinessProbe.Handler.HTTPGet)
+		if container.ReadinessProbe.ProbeHandler.HTTPGet != nil {
+			v1.SetDefaults_HTTPGetAction(container.ReadinessProbe.ProbeHandler.HTTPGet)
 		}
 	}
 	if container.Lifecycle != nil {
@@ -160,15 +198,17 @@ func SetDefaultsBroadcastJob(obj *v1alpha1.BroadcastJob, injectTemplateDefaults
 	if obj.Spec.FailurePolicy.Type == "" {
 		obj.Spec.FailurePolicy.Type = v1alpha1.FailurePolicyTypeFailFast
 	}
+
+	// Default to 'OnFailure' if no restartPolicy is specified
+	if obj.Spec.Template.Spec.RestartPolicy == "" {
+		obj.Spec.Template.Spec.RestartPolicy = corev1.RestartPolicyOnFailure
+	}
 }
 
 // SetDefaults_UnitedDeployment set default values for UnitedDeployment.
 func SetDefaultsUnitedDeployment(obj *v1alpha1.UnitedDeployment, injectTemplateDefaults bool) {
-	if obj.Spec.Replicas == nil {
-		obj.Spec.Replicas = utilpointer.Int32Ptr(1)
-	}
 	if obj.Spec.RevisionHistoryLimit == nil {
-		obj.Spec.RevisionHistoryLimit = utilpointer.Int32Ptr(10)
+		obj.Spec.RevisionHistoryLimit = ptr.To(int32(10))
 	}
 
 	if len(obj.Spec.UpdateStrategy.Type) == 0 {
@@ -191,15 +231,34 @@ func SetDefaultsUnitedDeployment(obj *v1alpha1.UnitedDeployment, injectTemplateD
 			}
 		}
 	}
+
+	hasReplicasSettings := false
+	hasCapacitySettings := false
+	for _, subset := range obj.Spec.Topology.Subsets {
+		if subset.Replicas != nil {
+			hasReplicasSettings = true
+		}
+		if subset.MinReplicas != nil || subset.MaxReplicas != nil {
+			hasCapacitySettings = true
+		}
+	}
+	if hasCapacitySettings && !hasReplicasSettings {
+		for i := range obj.Spec.Topology.Subsets {
+			subset := &obj.Spec.Topology.Subsets[i]
+			if subset.MinReplicas == nil {
+				subset.MinReplicas = &intstr.IntOrString{Type: intstr.Int, IntVal: 0}
+			}
+		}
+	}
 }
 
 // SetDefaults_CloneSet set default values for CloneSet.
 func SetDefaultsCloneSet(obj *v1alpha1.CloneSet, injectTemplateDefaults bool) {
 	if obj.Spec.Replicas == nil {
-		obj.Spec.Replicas = utilpointer.Int32Ptr(1)
+		obj.Spec.Replicas = ptr.To(int32(1))
 	}
 	if obj.Spec.RevisionHistoryLimit == nil {
-		obj.Spec.RevisionHistoryLimit = utilpointer.Int32Ptr(10)
+		obj.Spec.RevisionHistoryLimit = ptr.To(int32(10))
 	}
 
 	if injectTemplateDefaults {
@@ -245,33 +304,34 @@ func SetDefaultsDaemonSet(obj *v1alpha1.DaemonSet) {
 
 	if obj.Spec.UpdateStrategy.Type == "" {
 		obj.Spec.UpdateStrategy.Type = v1alpha1.RollingUpdateDaemonSetStrategyType
-
-		// UpdateStrategy.RollingUpdate will take default values below.
-		obj.Spec.UpdateStrategy.RollingUpdate = &v1alpha1.RollingUpdateDaemonSet{}
 	}
-
 	if obj.Spec.UpdateStrategy.Type == v1alpha1.RollingUpdateDaemonSetStrategyType {
 		if obj.Spec.UpdateStrategy.RollingUpdate == nil {
 			obj.Spec.UpdateStrategy.RollingUpdate = &v1alpha1.RollingUpdateDaemonSet{}
 		}
-		if obj.Spec.UpdateStrategy.RollingUpdate.Partition == nil {
-			obj.Spec.UpdateStrategy.RollingUpdate.Partition = new(int32)
-			*obj.Spec.UpdateStrategy.RollingUpdate.Partition = 0
-		}
-		if obj.Spec.UpdateStrategy.RollingUpdate.MaxUnavailable == nil {
-			maxUnavailable := intstr.FromInt(1)
-			obj.Spec.UpdateStrategy.RollingUpdate.MaxUnavailable = &maxUnavailable
+
+		// Make it compatible with the predicated Surging
+		if obj.Spec.UpdateStrategy.RollingUpdate.Type == v1alpha1.DeprecatedSurgingRollingUpdateType {
+			if obj.Spec.UpdateStrategy.RollingUpdate.MaxSurge == nil {
+				maxSurge := intstr.FromInt(1)
+				obj.Spec.UpdateStrategy.RollingUpdate.MaxSurge = &maxSurge
+			}
+			if obj.Spec.UpdateStrategy.RollingUpdate.MaxUnavailable == nil {
+				maxUnavailable := intstr.FromInt(0)
+				obj.Spec.UpdateStrategy.RollingUpdate.MaxUnavailable = &maxUnavailable
+			}
 		}
 
-		if obj.Spec.UpdateStrategy.RollingUpdate.Type == "" {
+		// Default and convert to Standard
+		if obj.Spec.UpdateStrategy.RollingUpdate.Type == "" || obj.Spec.UpdateStrategy.RollingUpdate.Type == v1alpha1.DeprecatedSurgingRollingUpdateType {
 			obj.Spec.UpdateStrategy.RollingUpdate.Type = v1alpha1.StandardRollingUpdateType
 		}
-		// Only when RollingUpdate Type is SurgingRollingUpdateType, it need to initialize the MaxSurge.
-		if obj.Spec.UpdateStrategy.RollingUpdate.Type == v1alpha1.SurgingRollingUpdateType {
-			if obj.Spec.UpdateStrategy.RollingUpdate.MaxSurge == nil {
-				MaxSurge := intstr.FromInt(1)
-				obj.Spec.UpdateStrategy.RollingUpdate.MaxSurge = &MaxSurge
-			}
+
+		if obj.Spec.UpdateStrategy.RollingUpdate.MaxUnavailable == nil && obj.Spec.UpdateStrategy.RollingUpdate.MaxSurge == nil {
+			maxUnavailable := intstr.FromInt(1)
+			obj.Spec.UpdateStrategy.RollingUpdate.MaxUnavailable = &maxUnavailable
+			MaxSurge := intstr.FromInt(0)
+			obj.Spec.UpdateStrategy.RollingUpdate.MaxSurge = &MaxSurge
 		}
 	}
 
@@ -310,15 +370,15 @@ func SetDefaultsNodeImage(obj *v1alpha1.NodeImage) {
 
 func SetDefaultsImageTagPullPolicy(obj *v1alpha1.ImageTagPullPolicy) {
 	if obj.TimeoutSeconds == nil {
-		obj.TimeoutSeconds = utilpointer.Int32Ptr(600)
+		obj.TimeoutSeconds = ptr.To(int32(600))
 	}
 	if obj.BackoffLimit == nil {
-		obj.BackoffLimit = utilpointer.Int32Ptr(3)
+		obj.BackoffLimit = ptr.To(int32(3))
 	}
 }
 
 // SetDefaults_ImagePullJob set default values for ImagePullJob.
-func SetDefaultsImagePullJob(obj *v1alpha1.ImagePullJob) {
+func SetDefaultsImagePullJob(obj *v1alpha1.ImagePullJob, addProtection bool) {
 	if obj.Spec.CompletionPolicy.Type == "" {
 		obj.Spec.CompletionPolicy.Type = v1alpha1.Always
 	}
@@ -326,9 +386,31 @@ func SetDefaultsImagePullJob(obj *v1alpha1.ImagePullJob) {
 		obj.Spec.PullPolicy = &v1alpha1.PullPolicy{}
 	}
 	if obj.Spec.PullPolicy.TimeoutSeconds == nil {
-		obj.Spec.PullPolicy.TimeoutSeconds = utilpointer.Int32Ptr(600)
+		obj.Spec.PullPolicy.TimeoutSeconds = ptr.To(int32(600))
 	}
 	if obj.Spec.PullPolicy.BackoffLimit == nil {
-		obj.Spec.PullPolicy.BackoffLimit = utilpointer.Int32Ptr(3)
+		obj.Spec.PullPolicy.BackoffLimit = ptr.To(int32(3))
+	}
+	if obj.Spec.ImagePullPolicy == "" {
+		obj.Spec.ImagePullPolicy = v1alpha1.PullIfNotPresent
+	}
+	if addProtection {
+		controllerutil.AddFinalizer(obj, ProtectionFinalizer)
+	}
+}
+
+// SetDefaultsImageListPullJob  set default values for ImageListPullJob.
+func SetDefaultsImageListPullJob(obj *v1alpha1.ImageListPullJob) {
+	if obj.Spec.CompletionPolicy.Type == "" {
+		obj.Spec.CompletionPolicy.Type = v1alpha1.Always
+	}
+	if obj.Spec.PullPolicy == nil {
+		obj.Spec.PullPolicy = &v1alpha1.PullPolicy{}
+	}
+	if obj.Spec.PullPolicy.TimeoutSeconds == nil {
+		obj.Spec.PullPolicy.TimeoutSeconds = ptr.To(int32(600))
+	}
+	if obj.Spec.PullPolicy.BackoffLimit == nil {
+		obj.Spec.PullPolicy.BackoffLimit = ptr.To(int32(3))
 	}
 }

apis/apps/defaults/v1beta1.go

@@ -17,14 +17,17 @@ limitations under the License.
 package defaults
 
 import (
-	"github.com/openkruise/kruise/apis/apps/v1beta1"
 	appsv1 "k8s.io/api/apps/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	v1 "k8s.io/kubernetes/pkg/apis/core/v1"
-	utilpointer "k8s.io/utils/pointer"
+	"k8s.io/utils/ptr"
+
+	"github.com/openkruise/kruise/apis/apps/v1beta1"
+	"github.com/openkruise/kruise/pkg/features"
+	utilfeature "github.com/openkruise/kruise/pkg/util/feature"
 )
 
-// SetDefaults_StatefulSet set default values for StatefulSet.
+// SetDefaultsStatefulSet set default values for StatefulSet.
 func SetDefaultsStatefulSet(obj *v1beta1.StatefulSet, injectTemplateDefaults bool) {
 	if len(obj.Spec.PodManagementPolicy) == 0 {
 		obj.Spec.PodManagementPolicy = appsv1.OrderedReadyPodManagement
@@ -32,17 +35,15 @@ func SetDefaultsStatefulSet(obj *v1beta1.StatefulSet, injectTemplateDefaults boo
 
 	if obj.Spec.UpdateStrategy.Type == "" {
 		obj.Spec.UpdateStrategy.Type = appsv1.RollingUpdateStatefulSetStrategyType
-
-		// UpdateStrategy.RollingUpdate will take default values below.
-		obj.Spec.UpdateStrategy.RollingUpdate = &v1beta1.RollingUpdateStatefulSetStrategy{}
 	}
 
 	if obj.Spec.UpdateStrategy.Type == appsv1.RollingUpdateStatefulSetStrategyType {
 		if obj.Spec.UpdateStrategy.RollingUpdate == nil {
+			// UpdateStrategy.RollingUpdate will take default values below.
 			obj.Spec.UpdateStrategy.RollingUpdate = &v1beta1.RollingUpdateStatefulSetStrategy{}
 		}
 		if obj.Spec.UpdateStrategy.RollingUpdate.Partition == nil {
-			obj.Spec.UpdateStrategy.RollingUpdate.Partition = utilpointer.Int32Ptr(0)
+			obj.Spec.UpdateStrategy.RollingUpdate.Partition = ptr.To(int32(0))
 		}
 		if obj.Spec.UpdateStrategy.RollingUpdate.MaxUnavailable == nil {
 			maxUnavailable := intstr.FromInt(1)
@@ -52,15 +53,33 @@ func SetDefaultsStatefulSet(obj *v1beta1.StatefulSet, injectTemplateDefaults boo
 			obj.Spec.UpdateStrategy.RollingUpdate.PodUpdatePolicy = v1beta1.RecreatePodUpdateStrategyType
 		}
 		if obj.Spec.UpdateStrategy.RollingUpdate.MinReadySeconds == nil {
-			obj.Spec.UpdateStrategy.RollingUpdate.MinReadySeconds = utilpointer.Int32Ptr(0)
+			obj.Spec.UpdateStrategy.RollingUpdate.MinReadySeconds = ptr.To(int32(0))
+		}
+	}
+
+	if utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetAutoDeletePVC) {
+		if obj.Spec.PersistentVolumeClaimRetentionPolicy == nil {
+			obj.Spec.PersistentVolumeClaimRetentionPolicy = &v1beta1.StatefulSetPersistentVolumeClaimRetentionPolicy{}
+		}
+		if len(obj.Spec.PersistentVolumeClaimRetentionPolicy.WhenDeleted) == 0 {
+			obj.Spec.PersistentVolumeClaimRetentionPolicy.WhenDeleted = v1beta1.RetainPersistentVolumeClaimRetentionPolicyType
+		}
+		if len(obj.Spec.PersistentVolumeClaimRetentionPolicy.WhenScaled) == 0 {
+			obj.Spec.PersistentVolumeClaimRetentionPolicy.WhenScaled = v1beta1.RetainPersistentVolumeClaimRetentionPolicyType
+		}
+	}
+
+	if utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetAutoResizePVCGate) {
+		if obj.Spec.VolumeClaimUpdateStrategy.Type == "" {
+			obj.Spec.VolumeClaimUpdateStrategy.Type = v1beta1.OnPVCDeleteVolumeClaimUpdateStrategyType
 		}
 	}
 
 	if obj.Spec.Replicas == nil {
-		obj.Spec.Replicas = utilpointer.Int32Ptr(1)
+		obj.Spec.Replicas = ptr.To(int32(1))
 	}
 	if obj.Spec.RevisionHistoryLimit == nil {
-		obj.Spec.RevisionHistoryLimit = utilpointer.Int32Ptr(10)
+		obj.Spec.RevisionHistoryLimit = ptr.To(int32(10))
 	}
 
 	if injectTemplateDefaults {

apis/apps/pub/inplace_update.go

@@ -52,7 +52,7 @@ type InPlaceUpdateState struct {
 	// Revision is the updated revision hash.
 	Revision string `json:"revision"`
 
-	// UpdateTimestamp is the time when the in-place update happens.
+	// UpdateTimestamp is the start time when the in-place update happens.
 	UpdateTimestamp metav1.Time `json:"updateTimestamp"`
 
 	// LastContainerStatuses records the before-in-place-update container statuses. It is a map from ContainerName
@@ -61,6 +61,40 @@ type InPlaceUpdateState struct {
 
 	// UpdateEnvFromMetadata indicates there are envs from annotations/labels that should be in-place update.
 	UpdateEnvFromMetadata bool `json:"updateEnvFromMetadata,omitempty"`
+
+	// UpdateResources indicates there are resources that should be in-place update.
+	UpdateResources bool `json:"updateResources,omitempty"`
+
+	// UpdateImages indicates there are images that should be in-place update.
+	UpdateImages bool `json:"updateImages,omitempty"`
+
+	// NextContainerImages is the containers with lower priority that waiting for in-place update images in next batch.
+	NextContainerImages map[string]string `json:"nextContainerImages,omitempty"`
+
+	// NextContainerRefMetadata is the containers with lower priority that waiting for in-place update labels/annotations in next batch.
+	NextContainerRefMetadata map[string]metav1.ObjectMeta `json:"nextContainerRefMetadata,omitempty"`
+
+	// NextContainerResources is the containers with lower priority that waiting for in-place update resources in next batch.
+	NextContainerResources map[string]v1.ResourceRequirements `json:"nextContainerResources,omitempty"`
+
+	// PreCheckBeforeNext is the pre-check that must pass before the next containers can be in-place update.
+	PreCheckBeforeNext *InPlaceUpdatePreCheckBeforeNext `json:"preCheckBeforeNext,omitempty"`
+
+	// ContainerBatchesRecord records the update batches that have patched in this revision.
+	ContainerBatchesRecord []InPlaceUpdateContainerBatch `json:"containerBatchesRecord,omitempty"`
+}
+
+// InPlaceUpdatePreCheckBeforeNext contains the pre-check that must pass before the next containers can be in-place update.
+type InPlaceUpdatePreCheckBeforeNext struct {
+	ContainersRequiredReady []string `json:"containersRequiredReady,omitempty"`
+}
+
+// InPlaceUpdateContainerBatch indicates the timestamp and containers for a batch update
+type InPlaceUpdateContainerBatch struct {
+	// Timestamp is the time for this update batch
+	Timestamp metav1.Time `json:"timestamp"`
+	// Containers is the name list of containers for this update batch
+	Containers []string `json:"containers"`
 }
 
 // InPlaceUpdateContainerStatus records the statuses of the container that are mainly used

apis/apps/pub/launch_priority.go

@@ -0,0 +1,36 @@
+/*
+Copyright 2021 The Kruise Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package pub
+
+const (
+	// ContainerLaunchPriorityEnvName is the env name that users have to define in pod container
+	// to identity the launch priority of this container.
+	ContainerLaunchPriorityEnvName = "KRUISE_CONTAINER_PRIORITY"
+	// ContainerLaunchBarrierEnvName is the env name that Kruise webhook will inject into containers
+	// if the pod have configured launch priority.
+	ContainerLaunchBarrierEnvName = "KRUISE_CONTAINER_BARRIER"
+
+	// ContainerLaunchPriorityKey is the annotation key that users could define in pod annotation
+	// to make containers in pod launched by ordinal.
+	ContainerLaunchPriorityKey = "apps.kruise.io/container-launch-priority"
+	// ContainerLaunchOrdered is the annotation value that indicates containers in pod should be launched by ordinal.
+	ContainerLaunchOrdered = "Ordered"
+
+	// ContainerLaunchPriorityCompletedKey is the annotation indicates the pod has all its priorities
+	// patched into its barrier configmap.
+	ContainerLaunchPriorityCompletedKey = "apps.kruise.io/container-launch-priority-completed"
+)

apis/apps/pub/lifecycle.go

@@ -20,10 +20,22 @@ const (
 	LifecycleStateKey     = "lifecycle.apps.kruise.io/state"
 	LifecycleTimestampKey = "lifecycle.apps.kruise.io/timestamp"
 
-	LifecycleStateNormal          LifecycleStateType = "Normal"
+	// LifecycleStatePreparingNormal means the Pod is created but unavailable.
+	// It will translate to Normal state if Lifecycle.PreNormal is hooked.
+	LifecycleStatePreparingNormal LifecycleStateType = "PreparingNormal"
+	// LifecycleStateNormal is a necessary condition for Pod to be available.
+	LifecycleStateNormal LifecycleStateType = "Normal"
+	// LifecycleStatePreparingUpdate means pod is being prepared to update.
+	// It will translate to Updating state if Lifecycle.InPlaceUpdate is Not hooked.
 	LifecycleStatePreparingUpdate LifecycleStateType = "PreparingUpdate"
-	LifecycleStateUpdating        LifecycleStateType = "Updating"
-	LifecycleStateUpdated         LifecycleStateType = "Updated"
+	// LifecycleStateUpdating means the Pod is being updated.
+	// It will translate to Updated state if the in-place update of the Pod is done.
+	LifecycleStateUpdating LifecycleStateType = "Updating"
+	// LifecycleStateUpdated means the Pod is updated, but unavailable.
+	// It will translate to Normal state if Lifecycle.InPlaceUpdate is hooked.
+	LifecycleStateUpdated LifecycleStateType = "Updated"
+	// LifecycleStatePreparingDelete means the Pod is prepared to delete.
+	// The Pod will be deleted by workload if Lifecycle.PreDelete is Not hooked.
 	LifecycleStatePreparingDelete LifecycleStateType = "PreparingDelete"
 )
 
@@ -35,9 +47,17 @@ type Lifecycle struct {
 	PreDelete *LifecycleHook `json:"preDelete,omitempty"`
 	// InPlaceUpdate is the hook before Pod to update and after Pod has been updated.
 	InPlaceUpdate *LifecycleHook `json:"inPlaceUpdate,omitempty"`
+	// PreNormal is the hook after Pod to be created and ready to be Normal.
+	PreNormal *LifecycleHook `json:"preNormal,omitempty"`
 }
 
 type LifecycleHook struct {
 	LabelsHandler     map[string]string `json:"labelsHandler,omitempty"`
 	FinalizersHandler []string          `json:"finalizersHandler,omitempty"`
+	// MarkPodNotReady = true means:
+	// - Pod will be set to 'NotReady' at preparingDelete/preparingUpdate state.
+	// - Pod will be restored to 'Ready' at Updated state if it was set to 'NotReady' at preparingUpdate state.
+	// Currently, MarkPodNotReady only takes effect on InPlaceUpdate & PreDelete hook.
+	// Default to false.
+	MarkPodNotReady bool `json:"markPodNotReady,omitempty"`
 }

apis/apps/pub/pod_readiness_gate.go

@@ -19,5 +19,12 @@ package pub
 import v1 "k8s.io/api/core/v1"
 
 const (
+	// KruisePodReadyConditionType can support multiple writers, such as:
+	// - ContainerRecreateRequest;
+	// - Workload controller, including CloneSet, Advanced StatefulSet, Advanced Daemonset.
+	//
+	// If its corresponding condition status was set to "False" by multiple writers,
+	// the condition status will be considered as "True" only when all these writers
+	// set it to "True".
 	KruisePodReadyConditionType v1.PodConditionType = "KruisePodReady"
 )

apis/apps/pub/pod_unavailable_label.go

@@ -0,0 +1,40 @@
+/*
+Copyright 2022 The Kruise Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package pub
+
+import (
+	"strings"
+)
+
+const (
+	// PubUnavailablePodLabelPrefix indicates if the pod has this label, both kruise workload and
+	// pub will determine that the pod is unavailable, even if pod.status.ready=true.
+	// Main users non-destructive offline and other scenarios
+	PubUnavailablePodLabelPrefix = "unavailable-pod.kruise.io/"
+)
+
+func HasUnavailableLabel(labels map[string]string) bool {
+	if len(labels) == 0 {
+		return false
+	}
+	for key := range labels {
+		if strings.HasPrefix(key, PubUnavailablePodLabelPrefix) {
+			return true
+		}
+	}
+	return false
+}

apis/apps/pub/update_priority.go

@@ -40,7 +40,7 @@ type UpdatePriorityStrategy struct {
 	WeightPriority []UpdatePriorityWeightTerm `json:"weightPriority,omitempty"`
 }
 
-// UpdatePriorityOrder defines order priority.
+// UpdatePriorityOrderTerm defines order priority.
 type UpdatePriorityOrderTerm struct {
 	// Calculate priority by value of this key.
 	// Values of this key, will be sorted by GetInt(val). GetInt method will find the last int in value,

apis/apps/pub/zz_generated.deepcopy.go

@@ -1,4 +1,4 @@
-// +build !ignore_autogenerated
+//go:build !ignore_autogenerated
 
 /*
 Copyright 2021 The Kruise Authors.
@@ -20,7 +20,31 @@ limitations under the License.
 
 package pub
 
-import ()
+import (
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *InPlaceUpdateContainerBatch) DeepCopyInto(out *InPlaceUpdateContainerBatch) {
+	*out = *in
+	in.Timestamp.DeepCopyInto(&out.Timestamp)
+	if in.Containers != nil {
+		in, out := &in.Containers, &out.Containers
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InPlaceUpdateContainerBatch.
+func (in *InPlaceUpdateContainerBatch) DeepCopy() *InPlaceUpdateContainerBatch {
+	if in == nil {
+		return nil
+	}
+	out := new(InPlaceUpdateContainerBatch)
+	in.DeepCopyInto(out)
+	return out
+}
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *InPlaceUpdateContainerStatus) DeepCopyInto(out *InPlaceUpdateContainerStatus) {
@@ -37,6 +61,26 @@ func (in *InPlaceUpdateContainerStatus) DeepCopy() *InPlaceUpdateContainerStatus
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *InPlaceUpdatePreCheckBeforeNext) DeepCopyInto(out *InPlaceUpdatePreCheckBeforeNext) {
+	*out = *in
+	if in.ContainersRequiredReady != nil {
+		in, out := &in.ContainersRequiredReady, &out.ContainersRequiredReady
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InPlaceUpdatePreCheckBeforeNext.
+func (in *InPlaceUpdatePreCheckBeforeNext) DeepCopy() *InPlaceUpdatePreCheckBeforeNext {
+	if in == nil {
+		return nil
+	}
+	out := new(InPlaceUpdatePreCheckBeforeNext)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *InPlaceUpdateState) DeepCopyInto(out *InPlaceUpdateState) {
 	*out = *in
@@ -48,6 +92,39 @@ func (in *InPlaceUpdateState) DeepCopyInto(out *InPlaceUpdateState) {
 			(*out)[key] = val
 		}
 	}
+	if in.NextContainerImages != nil {
+		in, out := &in.NextContainerImages, &out.NextContainerImages
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.NextContainerRefMetadata != nil {
+		in, out := &in.NextContainerRefMetadata, &out.NextContainerRefMetadata
+		*out = make(map[string]v1.ObjectMeta, len(*in))
+		for key, val := range *in {
+			(*out)[key] = *val.DeepCopy()
+		}
+	}
+	if in.NextContainerResources != nil {
+		in, out := &in.NextContainerResources, &out.NextContainerResources
+		*out = make(map[string]corev1.ResourceRequirements, len(*in))
+		for key, val := range *in {
+			(*out)[key] = *val.DeepCopy()
+		}
+	}
+	if in.PreCheckBeforeNext != nil {
+		in, out := &in.PreCheckBeforeNext, &out.PreCheckBeforeNext
+		*out = new(InPlaceUpdatePreCheckBeforeNext)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ContainerBatchesRecord != nil {
+		in, out := &in.ContainerBatchesRecord, &out.ContainerBatchesRecord
+		*out = make([]InPlaceUpdateContainerBatch, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InPlaceUpdateState.
@@ -88,6 +165,11 @@ func (in *Lifecycle) DeepCopyInto(out *Lifecycle) {
 		*out = new(LifecycleHook)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.PreNormal != nil {
+		in, out := &in.PreNormal, &out.PreNormal
+		*out = new(LifecycleHook)
+		(*in).DeepCopyInto(*out)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Lifecycle.

apis/apps/v1alpha1/advancedcronjob_types.go

@@ -17,7 +17,7 @@ limitations under the License.
 package v1alpha1
 
 import (
-	batchv1beta1 "k8s.io/api/batch/v1beta1"
+	batchv1 "k8s.io/api/batch/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -31,7 +31,10 @@ type AdvancedCronJobSpec struct {
 	// The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron.
 	Schedule string `json:"schedule" protobuf:"bytes,1,opt,name=schedule"`
 
-	// +kubebuilder:validation:Minimum=0
+	// The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones.
+	// If not specified, this will default to the time zone of the kruise-controller-manager process.
+	// +optional
+	TimeZone *string `json:"timeZone,omitempty" protobuf:"bytes,8,opt,name=timeZone"`
 
 	// Optional deadline in seconds for starting the job if it misses scheduled
 	// time for any reason.  Missed jobs executions will be counted as failed ones.
@@ -50,15 +53,11 @@ type AdvancedCronJobSpec struct {
 	// +optional
 	Paused *bool `json:"paused,omitempty" protobuf:"bytes,4,opt,name=paused"`
 
-	// +kubebuilder:validation:Minimum=0
-
 	// The number of successful finished jobs to retain.
 	// This is a pointer to distinguish between explicit zero and not specified.
 	// +optional
 	SuccessfulJobsHistoryLimit *int32 `json:"successfulJobsHistoryLimit,omitempty" protobuf:"varint,5,opt,name=successfulJobsHistoryLimit"`
 
-	// +kubebuilder:validation:Minimum=0
-
 	// The number of failed finished jobs to retain.
 	// This is a pointer to distinguish between explicit zero and not specified.
 	// +optional
@@ -71,7 +70,9 @@ type AdvancedCronJobSpec struct {
 type CronJobTemplate struct {
 	// Specifies the job that will be created when executing a CronJob.
 	// +optional
-	JobTemplate *batchv1beta1.JobTemplateSpec `json:"jobTemplate,omitempty" protobuf:"bytes,1,opt,name=jobTemplate"`
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
+	JobTemplate *batchv1.JobTemplateSpec `json:"jobTemplate,omitempty" protobuf:"bytes,1,opt,name=jobTemplate"`
 
 	// Specifies the broadcastjob that will be created when executing a BroadcastCronJob.
 	// +optional

apis/apps/v1alpha1/broadcastjob_types.go

@@ -32,10 +32,12 @@ type BroadcastJobSpec struct {
 	Parallelism *intstr.IntOrString `json:"parallelism,omitempty" protobuf:"varint,1,opt,name=parallelism"`
 
 	// Template describes the pod that will be created when executing a job.
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
 	Template v1.PodTemplateSpec `json:"template" protobuf:"bytes,2,opt,name=template"`
 
 	// CompletionPolicy indicates the completion policy of the job.
-	// Default is Always CompletionPolicyType
+	// Default is Always CompletionPolicyType.
 	// +optional
 	CompletionPolicy CompletionPolicy `json:"completionPolicy" protobuf:"bytes,3,opt,name=completionPolicy"`
 
@@ -50,8 +52,8 @@ type BroadcastJobSpec struct {
 
 // CompletionPolicy indicates the completion policy for the job
 type CompletionPolicy struct {
-	// Type indicates the type of the CompletionPolicy
-	// Default is Always
+	// Type indicates the type of the CompletionPolicy.
+	// Default is Always.
 	Type CompletionPolicyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=CompletionPolicyType"`
 
 	// ActiveDeadlineSeconds specifies the duration in seconds relative to the startTime that the job may be active
@@ -81,8 +83,8 @@ const (
 	// Always means the job will eventually finish on these conditions:
 	// 1) after all pods on the desired nodes are completed (regardless succeeded or failed),
 	// 2) exceeds ActiveDeadlineSeconds,
-	// 3) exceeds BackoffLimit.
-	// This is the default CompletionPolicyType
+	// 3) exceeds RestartLimit.
+	// This is the default CompletionPolicyType.
 	Always CompletionPolicyType = "Always"
 
 	// Never means the job will be kept alive after all pods on the desired nodes are completed.
@@ -151,6 +153,7 @@ const (
 // FailurePolicy indicates the behavior of the job, when failed pod is found.
 type FailurePolicy struct {
 	// Type indicates the type of FailurePolicyType.
+	// Default is FailurePolicyTypeFailFast.
 	Type FailurePolicyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=FailurePolicyType"`
 
 	// RestartLimit specifies the number of retries before marking the pod failed.
@@ -165,9 +168,10 @@ const (
 	FailurePolicyTypeContinue FailurePolicyType = "Continue"
 
 	// FailurePolicyTypeFailFast means the job will be failed, when failed pod is found.
+	// This is the default FailurePolicyType.
 	FailurePolicyTypeFailFast FailurePolicyType = "FailFast"
 
-	// FailurePolicyTypePause means the the job will be paused, when failed pod is found.
+	// FailurePolicyTypePause means the job will be paused, when failed pod is found.
 	FailurePolicyTypePause FailurePolicyType = "Pause"
 )
 
@@ -183,7 +187,7 @@ const (
 	JobComplete JobConditionType = "Complete"
 
 	// JobFailed means the job has failed its execution. A failed job means the job has either exceeded the
-	// ActiveDeadlineSeconds limit, or the aggregated number of container restarts for all pods have exceeded the BackoffLimit.
+	// ActiveDeadlineSeconds limit, or the aggregated number of container restarts for all pods have exceeded the RestartLimit.
 	JobFailed JobConditionType = "Failed"
 )
 

apis/apps/v1alpha1/cloneset_types.go

@@ -17,10 +17,11 @@ limitations under the License.
 package v1alpha1
 
 import (
-	appspub "github.com/openkruise/kruise/apis/apps/pub"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
+
+	appspub "github.com/openkruise/kruise/apis/apps/pub"
 )
 
 const (
@@ -30,6 +31,10 @@ const (
 
 	// DefaultCloneSetMaxUnavailable is the default value of maxUnavailable for CloneSet update strategy.
 	DefaultCloneSetMaxUnavailable = "20%"
+
+	// CloneSetScalingExcludePreparingDeleteKey is the label key that enables scalingExcludePreparingDelete
+	// only for this CloneSet, which means it will calculate scale number excluding Pods in PreparingDelete state.
+	CloneSetScalingExcludePreparingDeleteKey = "apps.kruise.io/cloneset-scaling-exclude-preparing-delete"
 )
 
 // CloneSetSpec defines the desired state of CloneSet
@@ -46,10 +51,14 @@ type CloneSetSpec struct {
 	Selector *metav1.LabelSelector `json:"selector"`
 
 	// Template describes the pods that will be created.
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
 	Template v1.PodTemplateSpec `json:"template"`
 
 	// VolumeClaimTemplates is a list of claims that pods are allowed to reference.
 	// Note that PVC will be deleted when its pod has been deleted.
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
 	VolumeClaimTemplates []v1.PersistentVolumeClaim `json:"volumeClaimTemplates,omitempty"`
 
 	// ScaleStrategy indicates the ScaleStrategy that will be employed to
@@ -71,7 +80,7 @@ type CloneSetSpec struct {
 	// Defaults to 0 (pod will be considered available as soon as it is ready)
 	MinReadySeconds int32 `json:"minReadySeconds,omitempty"`
 
-	// Lifecycle defines the lifecycle hooks for Pods pre-delete, in-place update.
+	// Lifecycle defines the lifecycle hooks for Pods pre-available(pre-normal), pre-delete, in-place update.
 	Lifecycle *appspub.Lifecycle `json:"lifecycle,omitempty"`
 }
 
@@ -80,6 +89,15 @@ type CloneSetScaleStrategy struct {
 	// PodsToDelete is the names of Pod should be deleted.
 	// Note that this list will be truncated for non-existing pod names.
 	PodsToDelete []string `json:"podsToDelete,omitempty"`
+	// The maximum number of pods that can be unavailable for scaled pods.
+	// This field can control the changes rate of replicas for CloneSet so as to minimize the impact for users' service.
+	// The scale will fail if the number of unavailable pods were greater than this MaxUnavailable at scaling up.
+	// MaxUnavailable works only when scaling up.
+	MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty"`
+
+	// Indicate if cloneSet will reuse already existed pvc to
+	// rebuild a new pod
+	DisablePVCReuse bool `json:"disablePVCReuse,omitempty"`
 }
 
 // CloneSetUpdateStrategy defines strategies for pods update.
@@ -159,6 +177,16 @@ type CloneSetStatus struct {
 	// indicated by updateRevision and have a Ready Condition.
 	UpdatedReadyReplicas int32 `json:"updatedReadyReplicas"`
 
+	// UpdatedAvailableReplicas is the number of Pods created by the CloneSet controller from the CloneSet version
+	// indicated by updateRevision and have a Ready Condition for at least minReadySeconds.
+	// Notice: when enable InPlaceWorkloadVerticalScaling, pod during resource resizing will also be unavailable.
+	// This means these pod will be counted in maxUnavailable.
+	UpdatedAvailableReplicas int32 `json:"updatedAvailableReplicas,omitempty"`
+
+	// ExpectedUpdatedReplicas is the number of Pods that should be updated by CloneSet controller.
+	// This field is calculated via Replicas - Partition.
+	ExpectedUpdatedReplicas int32 `json:"expectedUpdatedReplicas,omitempty"`
+
 	// UpdateRevision, if not empty, indicates the latest revision of the CloneSet.
 	UpdateRevision string `json:"updateRevision,omitempty"`
 
@@ -212,6 +240,7 @@ type CloneSetCondition struct {
 // +kubebuilder:printcolumn:name="DESIRED",type="integer",JSONPath=".spec.replicas",description="The desired number of pods."
 // +kubebuilder:printcolumn:name="UPDATED",type="integer",JSONPath=".status.updatedReplicas",description="The number of pods updated."
 // +kubebuilder:printcolumn:name="UPDATED_READY",type="integer",JSONPath=".status.updatedReadyReplicas",description="The number of pods updated and ready."
+// +kubebuilder:printcolumn:name="UPDATED_AVAILABLE",type="integer",JSONPath=".status.updatedAvailableReplicas",description="The number of pods updated and available."
 // +kubebuilder:printcolumn:name="READY",type="integer",JSONPath=".status.readyReplicas",description="The number of pods ready."
 // +kubebuilder:printcolumn:name="TOTAL",type="integer",JSONPath=".status.replicas",description="The number of currently all pods."
 // +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC."

apis/apps/v1alpha1/containerrecreaterequest_types.go

@@ -22,8 +22,6 @@ import (
 )
 
 const (
-	// [Immutable] Pod name of this ContainerRecreateRequest.
-	ContainerRecreateRequestPodNameKey = "crr.apps.kruise.io/pod-name"
 	// [Immutable] Pod UID of this ContainerRecreateRequest.
 	ContainerRecreateRequestPodUIDKey = "crr.apps.kruise.io/pod-uid"
 	// [Immutable] Node name of this ContainerRecreateRequest.
@@ -46,7 +44,9 @@ type ContainerRecreateRequestSpec struct {
 	// PodName is name of the Pod that owns the recreated containers.
 	PodName string `json:"podName"`
 	// Containers contains the containers that need to recreate in the Pod.
-	Containers []ContainerRecreateRequestContainer `json:"containers"`
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	Containers []ContainerRecreateRequestContainer `json:"containers" patchStrategy:"merge" patchMergeKey:"name"`
 	// Strategy defines strategies for containers recreation.
 	Strategy *ContainerRecreateRequestStrategy `json:"strategy,omitempty"`
 	// ActiveDeadlineSeconds is the deadline duration of this ContainerRecreateRequest.
@@ -63,7 +63,7 @@ type ContainerRecreateRequestContainer struct {
 	// PreStop is synced from the real container in Pod spec during this ContainerRecreateRequest creating.
 	// Populated by the system.
 	// Read-only.
-	PreStop *v1.Handler `json:"preStop,omitempty"`
+	PreStop *ProbeHandler `json:"preStop,omitempty"`
 	// Ports is synced from the real container in Pod spec during this ContainerRecreateRequest creating.
 	// Populated by the system.
 	// Read-only.
@@ -74,6 +74,23 @@ type ContainerRecreateRequestContainer struct {
 	StatusContext *ContainerRecreateRequestContainerContext `json:"statusContext,omitempty"`
 }
 
+// ProbeHandler defines a specific action that should be taken
+// TODO(FillZpp): improve the definition when openkruise/kruise updates to k8s 1.23
+type ProbeHandler struct {
+	// One and only one of the following should be specified.
+	// Exec specifies the action to take.
+	// +optional
+	Exec *v1.ExecAction `json:"exec,omitempty" protobuf:"bytes,1,opt,name=exec"`
+	// HTTPGet specifies the http request to perform.
+	// +optional
+	HTTPGet *v1.HTTPGetAction `json:"httpGet,omitempty" protobuf:"bytes,2,opt,name=httpGet"`
+	// TCPSocket specifies an action involving a TCP port.
+	// TCP hooks not yet supported
+	// TODO: implement a realistic TCP lifecycle hook
+	// +optional
+	TCPSocket *v1.TCPSocketAction `json:"tcpSocket,omitempty" protobuf:"bytes,3,opt,name=tcpSocket"`
+}
+
 // ContainerRecreateRequestContainerContext contains context status of the container that need to recreate.
 type ContainerRecreateRequestContainerContext struct {
 	// Container's ID in the format 'docker://<container_id>'.
@@ -91,6 +108,8 @@ type ContainerRecreateRequestStrategy struct {
 	FailurePolicy ContainerRecreateRequestFailurePolicyType `json:"failurePolicy,omitempty"`
 	// OrderedRecreate indicates whether to recreate the next container only if the previous one has recreated completely.
 	OrderedRecreate bool `json:"orderedRecreate,omitempty"`
+	// ForceRecreate indicates whether to force kill the container even if the previous container is starting.
+	ForceRecreate bool `json:"forceRecreate,omitempty"`
 	// TerminationGracePeriodSeconds is the optional duration in seconds to wait the container terminating gracefully.
 	// Value must be non-negative integer. The value zero indicates delete immediately.
 	// If this value is nil, we will use pod.Spec.TerminationGracePeriodSeconds as default value.
@@ -143,6 +162,8 @@ type ContainerRecreateRequestContainerRecreateState struct {
 	Phase ContainerRecreateRequestPhase `json:"phase"`
 	// A human readable message indicating details about this state.
 	Message string `json:"message,omitempty"`
+	// Containers are killed by kruise daemon
+	IsKilled bool `json:"isKilled,omitempty"`
 }
 
 // ContainerRecreateRequestSyncContainerStatus only uses in the annotation `crr.apps.kruise.io/sync-container-statuses`.

apis/apps/v1alpha1/daemonset_types.go

@@ -17,20 +17,23 @@ limitations under the License.
 package v1alpha1
 
 import (
+	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
+
+	appspub "github.com/openkruise/kruise/apis/apps/pub"
 )
 
 // DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet.
 type DaemonSetUpdateStrategy struct {
 	// Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
 	// +optional
-	Type DaemonSetUpdateStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type"`
+	Type DaemonSetUpdateStrategyType `json:"type,omitempty"`
 
 	// Rolling update config params. Present only if type = "RollingUpdate".
 	// +optional
-	RollingUpdate *RollingUpdateDaemonSet `json:"rollingUpdate,omitempty" protobuf:"bytes,2,opt,name=rollingUpdate"`
+	RollingUpdate *RollingUpdateDaemonSet `json:"rollingUpdate,omitempty"`
 }
 
 type DaemonSetUpdateStrategyType string
@@ -43,69 +46,76 @@ const (
 	// Replace the old daemons only when it's killed
 	OnDeleteDaemonSetStrategyType DaemonSetUpdateStrategyType = "OnDelete"
 
-	// StandardRollingUpdateType replace the old daemons by new ones using rolling update i.e replace them on each node one after the other.
-	// this is the default type for RollingUpdate.
+	// StandardRollingUpdateType is the Standard way that update pods with recreation that sames to the upstream DaemonSet.
 	StandardRollingUpdateType RollingUpdateType = "Standard"
 
-	// Replace container image without killing the pod.
+	// InplaceRollingUpdateType update container image without killing the pod if possible.
 	InplaceRollingUpdateType RollingUpdateType = "InPlaceIfPossible"
 
-	// SurgingRollingUpdateType replaces the old daemons by new ones using rolling update i.e replace them on each node one
-	// after the other, creating the new pod and then killing the old one.
-	SurgingRollingUpdateType RollingUpdateType = "Surging"
+	// DeprecatedSurgingRollingUpdateType is a depreciated alias for Standard.
+	// Deprecated: Just use Standard instead.
+	DeprecatedSurgingRollingUpdateType RollingUpdateType = "Surging"
 )
 
 // Spec to control the desired behavior of daemon set rolling update.
 type RollingUpdateDaemonSet struct {
 	// Type is to specify which kind of rollingUpdate.
-	Type RollingUpdateType `json:"rollingUpdateType,omitempty" protobuf:"bytes,1,opt,name=rollingUpdateType"`
+	Type RollingUpdateType `json:"rollingUpdateType,omitempty"`
 
 	// The maximum number of DaemonSet pods that can be unavailable during the
 	// update. Value can be an absolute number (ex: 5) or a percentage of total
 	// number of DaemonSet pods at the start of the update (ex: 10%). Absolute
 	// number is calculated from percentage by rounding up.
-	// This cannot be 0.
+	// This cannot be 0 if MaxSurge is 0
 	// Default value is 1.
 	// Example: when this is set to 30%, at most 30% of the total number of nodes
 	// that should be running the daemon pod (i.e. status.desiredNumberScheduled)
-	// can have their pods stopped for an update at any given
-	// time. The update starts by stopping at most 30% of those DaemonSet pods
-	// and then brings up new DaemonSet pods in their place. Once the new pods
-	// are available, it then proceeds onto other DaemonSet pods, thus ensuring
-	// that at least 70% of original number of DaemonSet pods are available at
-	// all times during the update.
+	// can have their pods stopped for an update at any given time. The update
+	// starts by stopping at most 30% of those DaemonSet pods and then brings
+	// up new DaemonSet pods in their place. Once the new pods are available,
+	// it then proceeds onto other DaemonSet pods, thus ensuring that at least
+	// 70% of original number of DaemonSet pods are available at all times during
+	// the update.
 	// +optional
-	MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty" protobuf:"bytes,2,opt,name=maxUnavailable"`
+	MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty"`
+
+	// The maximum number of nodes with an existing available DaemonSet pod that
+	// can have an updated DaemonSet pod during during an update.
+	// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+	// This can not be 0 if MaxUnavailable is 0.
+	// Absolute number is calculated from percentage by rounding up to a minimum of 1.
+	// Default value is 0.
+	// Example: when this is set to 30%, at most 30% of the total number of nodes
+	// that should be running the daemon pod (i.e. status.desiredNumberScheduled)
+	// can have their a new pod created before the old pod is marked as deleted.
+	// The update starts by launching new pods on 30% of nodes. Once an updated
+	// pod is available (Ready for at least minReadySeconds) the old DaemonSet pod
+	// on that node is marked deleted. If the old pod becomes unavailable for any
+	// reason (Ready transitions to false, is evicted, or is drained) an updated
+	// pod is immediately created on that node without considering surge limits.
+	// Allowing surge implies the possibility that the resources consumed by the
+	// daemonset on any given node can double if the readiness check fails, and
+	// so resource intensive daemonsets should take into account that they may
+	// cause evictions during disruption.
+	// This is beta field and enabled/disabled by DaemonSetUpdateSurge feature gate.
+	// +optional
+	MaxSurge *intstr.IntOrString `json:"maxSurge,omitempty"`
 
 	// A label query over nodes that are managed by the daemon set RollingUpdate.
 	// Must match in order to be controlled.
 	// It must match the node's labels.
-	Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,3,opt,name=selector"`
+	Selector *metav1.LabelSelector `json:"selector,omitempty"`
 
 	// The number of DaemonSet pods remained to be old version.
 	// Default value is 0.
 	// Maximum value is status.DesiredNumberScheduled, which means no pod will be updated.
 	// +optional
-	Partition *int32 `json:"partition,omitempty" protobuf:"varint,4,opt,name=partition"`
+	Partition *int32 `json:"partition,omitempty"`
 
 	// Indicates that the daemon set is paused and will not be processed by the
 	// daemon set controller.
 	// +optional
-	Paused *bool `json:"paused,omitempty" protobuf:"varint,5,opt,name=paused"`
-
-	// Only when type=SurgingRollingUpdateType, it works.
-	// The maximum number of DaemonSet pods that can be scheduled above the desired number of pods
-	// during the update. Value can be an absolute number (ex: 5) or a percentage of the total number
-	// of DaemonSet pods at the start of the update (ex: 10%). The absolute number is calculated from
-	// the percentage by rounding up. This cannot be 0. The default value is 1. Example: when this is
-	// set to 30%, at most 30% of the total number of nodes that should be running the daemon pod
-	// (i.e. status.desiredNumberScheduled) can have 2 pods running at any given time. The update
-	// starts by starting replacements for at most 30% of those DaemonSet pods. Once the new pods are
-	// available it then stops the existing pods before proceeding onto other DaemonSet pods, thus
-	// ensuring that at most 130% of the desired final number of DaemonSet  pods are running at all
-	// times during the update.
-	// +optional
-	MaxSurge *intstr.IntOrString `json:"maxSurge,omitempty" protobuf:"bytes,7,opt,name=maxSurge"`
+	Paused *bool `json:"paused,omitempty"`
 }
 
 // DaemonSetSpec defines the desired state of DaemonSet
@@ -117,35 +127,42 @@ type DaemonSetSpec struct {
 	// Must match in order to be controlled.
 	// It must match the pod template's labels.
 	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
-	Selector *metav1.LabelSelector `json:"selector" protobuf:"bytes,1,opt,name=selector"`
+	Selector *metav1.LabelSelector `json:"selector"`
 
 	// An object that describes the pod that will be created.
 	// The DaemonSet will create exactly one copy of this pod on every node
 	// that matches the template's node selector (or on every node if no node
 	// selector is specified).
 	// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
-	Template corev1.PodTemplateSpec `json:"template" protobuf:"bytes,2,opt,name=template"`
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
+	Template corev1.PodTemplateSpec `json:"template"`
 
 	// An update strategy to replace existing DaemonSet pods with new pods.
 	// +optional
-	UpdateStrategy DaemonSetUpdateStrategy `json:"updateStrategy,omitempty" protobuf:"bytes,3,opt,name=updateStrategy"`
+	UpdateStrategy DaemonSetUpdateStrategy `json:"updateStrategy,omitempty"`
 
 	// The minimum number of seconds for which a newly created DaemonSet pod should
 	// be ready without any of its container crashing, for it to be considered
 	// available. Defaults to 0 (pod will be considered available as soon as it
 	// is ready).
 	// +optional
-	MinReadySeconds int32 `json:"minReadySeconds,omitempty" protobuf:"varint,4,opt,name=minReadySeconds"`
+	MinReadySeconds int32 `json:"minReadySeconds,omitempty"`
 
 	// BurstReplicas is a rate limiter for booting pods on a lot of pods.
 	// The default value is 250
-	BurstReplicas *intstr.IntOrString `json:"burstReplicas,omitempty" protobuf:"bytes,5,opt,name=burstReplicas"`
+	BurstReplicas *intstr.IntOrString `json:"burstReplicas,omitempty"`
 
 	// The number of old history to retain to allow rollback.
 	// This is a pointer to distinguish between explicit zero and not specified.
 	// Defaults to 10.
 	// +optional
-	RevisionHistoryLimit *int32 `json:"revisionHistoryLimit,omitempty" protobuf:"varint,6,opt,name=revisionHistoryLimit"`
+	RevisionHistoryLimit *int32 `json:"revisionHistoryLimit,omitempty"`
+
+	// Lifecycle defines the lifecycle hooks for Pods pre-delete, in-place update.
+	// Currently, we only support pre-delete hook for Advanced DaemonSet.
+	// +optional
+	Lifecycle *appspub.Lifecycle `json:"lifecycle,omitempty"`
 }
 
 // DaemonSetStatus defines the observed state of DaemonSet
@@ -156,93 +173,67 @@ type DaemonSetStatus struct {
 	// The number of nodes that are running at least 1
 	// daemon pod and are supposed to run the daemon pod.
 	// More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
-	CurrentNumberScheduled int32 `json:"currentNumberScheduled" protobuf:"varint,1,opt,name=currentNumberScheduled"`
+	CurrentNumberScheduled int32 `json:"currentNumberScheduled"`
 
 	// The number of nodes that are running the daemon pod, but are
 	// not supposed to run the daemon pod.
 	// More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
-	NumberMisscheduled int32 `json:"numberMisscheduled" protobuf:"varint,2,opt,name=numberMisscheduled"`
+	NumberMisscheduled int32 `json:"numberMisscheduled"`
 
 	// The total number of nodes that should be running the daemon
 	// pod (including nodes correctly running the daemon pod).
 	// More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
-	DesiredNumberScheduled int32 `json:"desiredNumberScheduled" protobuf:"varint,3,opt,name=desiredNumberScheduled"`
+	DesiredNumberScheduled int32 `json:"desiredNumberScheduled"`
 
 	// The number of nodes that should be running the daemon pod and have one
 	// or more of the daemon pod running and ready.
-	NumberReady int32 `json:"numberReady" protobuf:"varint,4,opt,name=numberReady"`
+	NumberReady int32 `json:"numberReady"`
 
 	// The most recent generation observed by the daemon set controller.
 	// +optional
-	ObservedGeneration int64 `json:"observedGeneration,omitempty" protobuf:"varint,5,opt,name=observedGeneration"`
+	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
 
 	// The total number of nodes that are running updated daemon pod
-	UpdatedNumberScheduled int32 `json:"updatedNumberScheduled" protobuf:"varint,6,opt,name=updatedNumberScheduled"`
+	UpdatedNumberScheduled int32 `json:"updatedNumberScheduled"`
 
 	// The number of nodes that should be running the
 	// daemon pod and have one or more of the daemon pod running and
 	// available (ready for at least spec.minReadySeconds)
 	// +optional
-	NumberAvailable int32 `json:"numberAvailable,omitempty" protobuf:"varint,7,opt,name=numberAvailable"`
+	NumberAvailable int32 `json:"numberAvailable,omitempty"`
 
 	// The number of nodes that should be running the
 	// daemon pod and have none of the daemon pod running and available
 	// (ready for at least spec.minReadySeconds)
 	// +optional
-	NumberUnavailable int32 `json:"numberUnavailable,omitempty" protobuf:"varint,8,opt,name=numberUnavailable"`
+	NumberUnavailable int32 `json:"numberUnavailable,omitempty"`
 
 	// Count of hash collisions for the DaemonSet. The DaemonSet controller
 	// uses this field as a collision avoidance mechanism when it needs to
 	// create the name for the newest ControllerRevision.
 	// +optional
-	CollisionCount *int32 `json:"collisionCount,omitempty" protobuf:"varint,9,opt,name=collisionCount"`
+	CollisionCount *int32 `json:"collisionCount,omitempty"`
 
 	// Represents the latest available observations of a DaemonSet's current state.
 	// +optional
 	// +patchMergeKey=type
 	// +patchStrategy=merge
-	Conditions []DaemonSetCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,10,rep,name=conditions"`
+	Conditions []appsv1.DaemonSetCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
 
 	// DaemonSetHash is the controller-revision-hash, which represents the latest version of the DaemonSet.
-	DaemonSetHash string `json:"daemonSetHash" protobuf:"bytes,11,opt,name=daemonSetHash"`
+	DaemonSetHash string `json:"daemonSetHash"`
 }
 
-type DaemonSetConditionType string
-
-// TODO: Add valid condition types of a DaemonSet.
-
-// DaemonSetCondition describes the state of a DaemonSet at a certain point.
-type DaemonSetCondition struct {
-	// Type of DaemonSet condition.
-	Type DaemonSetConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=DaemonSetConditionType"`
-	// Status of the condition, one of True, False, Unknown.
-	Status corev1.ConditionStatus `json:"status" protobuf:"bytes,2,opt,name=status,casttype=k8s.io/api/core/v1.ConditionStatus"`
-	// Last time the condition transitioned from one status to another.
-	// +optional
-	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty" protobuf:"bytes,3,opt,name=lastTransitionTime"`
-	// The reason for the condition's last transition.
-	// +optional
-	Reason string `json:"reason,omitempty" protobuf:"bytes,4,opt,name=reason"`
-	// A human readable message indicating details about the transition.
-	// +optional
-	Message string `json:"message,omitempty" protobuf:"bytes,5,opt,name=message"`
-}
-
-const (
-	// DefaultDaemonSetUniqueLabelKey is the default label key that is added
-	// to existing DaemonSet pods to distinguish between old and new
-	// DaemonSet pods during DaemonSet template updates.
-	DefaultDaemonSetUniqueLabelKey = ControllerRevisionHashLabelKey
-)
-
 // +genclient
 // +k8s:openapi-gen=true
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
-// +kubebuilder:resource:shortName=daemon
-// +kubebuilder:printcolumn:name="DesiredNumber",type="integer",JSONPath=".status.desiredNumberScheduled",description="The desired number of pods."
-// +kubebuilder:printcolumn:name="CurrentNumber",type="integer",JSONPath=".status.currentNumberScheduled",description="The current number of pods."
-// +kubebuilder:printcolumn:name="UpdatedNumberScheduled",type="integer",JSONPath=".status.updatedNumberScheduled",description="The updated number of pods."
+// +kubebuilder:resource:shortName=daemon;ads
+// +kubebuilder:printcolumn:name="DESIRED",type="integer",JSONPath=".status.desiredNumberScheduled",description="The desired number of pods."
+// +kubebuilder:printcolumn:name="CURRENT",type="integer",JSONPath=".status.currentNumberScheduled",description="The current number of pods."
+// +kubebuilder:printcolumn:name="READY",type="integer",JSONPath=".status.numberReady",description="The ready number of pods."
+// +kubebuilder:printcolumn:name="UP-TO-DATE",type="integer",JSONPath=".status.updatedNumberScheduled",description="The updated number of pods."
+// +kubebuilder:printcolumn:name="AVAILABLE",type="integer",JSONPath=".status.numberAvailable",description="The updated number of pods."
 // +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC."
 // +kubebuilder:printcolumn:name="CONTAINERS",type="string",priority=1,JSONPath=".spec.template.spec.containers[*].name",description="The containers of currently  daemonset."
 // +kubebuilder:printcolumn:name="IMAGES",type="string",priority=1,JSONPath=".spec.template.spec.containers[*].image",description="The images of currently advanced daemonset."

apis/apps/v1alpha1/ephemeraljob_types.go

@@ -25,8 +25,7 @@ import (
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
 
 const (
-	EphemeralContainerCreateByJob = "apps.kruise.io/ephemeraljob"
-	EphemeralContainerEnvKey      = "ephemeraljob"
+	EphemeralContainerEnvKey = "KRUISE_EJOB_ID"
 )
 
 // EphemeralJobSpec defines the desired state of EphemeralJob
@@ -38,7 +37,7 @@ type EphemeralJobSpec struct {
 
 	// Replicas indicates a part of the quantity from matched pods by selector.
 	// Usually it is used for gray scale working.
-	// if Replicas exceeded the matched number by selector, replicas will not work.
+	// if Replicas exceeded the matched number by selector or not be set, replicas will not work.
 	Replicas *int32 `json:"replicas,omitempty"`
 
 	// Parallelism specifies the maximum desired number of pods which matches running ephemeral containers.
@@ -52,24 +51,33 @@ type EphemeralJobSpec struct {
 	// +optional
 	Paused bool `json:"paused,omitempty" protobuf:"bytes,4,opt,name=paused"`
 
-	// ttlSecondsAfterCreated is the TTL duration after ephemeral job has created.
-	// default value is 300.
-	// if the dua
-	// If the the existing time of an ephemeral job after be created exceeds TTLSecondsAfterCreated seconds,
-	// the ephemeral job and all matched ephemeral containers will be deleted.
-	TTLSecondsAfterCreated *int32 `json:"ttlSecondsAfterCreated,omitempty"`
-
 	// ActiveDeadlineSeconds specifies the duration in seconds relative to the startTime that the job may be active
 	// before the system tries to terminate it; value must be positive integer.
 	// Only works for Always type.
 	// +optional
-	// TODO:
-	// ActiveDeadlineSeconds *int64 `json:"activeDeadlineSeconds,omitempty" protobuf:"varint,2,opt,name=activeDeadlineSeconds"`
+	ActiveDeadlineSeconds *int64 `json:"activeDeadlineSeconds,omitempty" protobuf:"varint,2,opt,name=activeDeadlineSeconds"`
+
+	// ttlSecondsAfterFinished limits the lifetime of a Job that has finished
+	// execution (either Complete or Failed). If this field is set,
+	// ttlSecondsAfterFinished after the eJob finishes, it is eligible to be
+	// automatically deleted. When the Job is being deleted, its lifecycle
+	// guarantees (e.g. finalizers) will be honored.
+	// If this field is unset, default value is 1800
+	// If this field is set to zero,
+	// the Job becomes eligible to be deleted immediately after it finishes.
+	// +optional
+	TTLSecondsAfterFinished *int32 `json:"ttlSecondsAfterFinished,omitempty" protobuf:"varint,4,opt,name=ttlSecondsAfterFinished"`
 }
 
 // EphemeralContainerTemplateSpec describes template spec of ephemeral containers
 type EphemeralContainerTemplateSpec struct {
-	EphemeralContainers []*v1.EphemeralContainer `json:"ephemeralContainers"`
+
+	// EphemeralContainers defines ephemeral container list in match pods.
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	EphemeralContainers []v1.EphemeralContainer `json:"ephemeralContainers" patchStrategy:"merge" patchMergeKey:"name"`
 }
 
 // EphemeralJobStatus defines the observed state of EphemeralJob
@@ -81,8 +89,8 @@ type EphemeralJobStatus struct {
 	// +patchStrategy=merge
 	Conditions []EphemeralJobCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
 
-	// Represents time when the job was started. It is not guaranteed to
-	// be set in happens-before order across separate operations.
+	// Represents time when the job was acknowledged by the job controller.
+	// It is not guaranteed to be set in happens-before order across separate operations.
 	// It is represented in RFC3339 form and is in UTC.
 	// +optional
 	StartTime *metav1.Time `json:"startTime,omitempty" protobuf:"bytes,2,opt,name=startTime"`
@@ -105,9 +113,9 @@ type EphemeralJobStatus struct {
 	// +optional
 	Running int32 `json:"running" protobuf:"varint,4,opt,name=running"`
 
-	// The number of pods which reached phase Completed.
+	// The number of pods which reached phase Succeeded.
 	// +optional
-	Completed int32 `json:"completed" protobuf:"varint,5,opt,name=completed"`
+	Succeeded int32 `json:"succeeded" protobuf:"varint,5,opt,name=completed"`
 
 	// The number of waiting pods.
 	// +optional
@@ -190,8 +198,8 @@ const (
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
 // +kubebuilder:resource:shortName=ejob
+// +kubebuilder:printcolumn:name="STATUS",type="string",JSONPath=".status.phase",description="The status of ephemeral job"
 // +kubebuilder:printcolumn:name="MATCH",type="integer",JSONPath=".status.match",description="Number of ephemeral container matched by this job"
-// +kubebuilder:printcolumn:name="TARGET",type="integer",JSONPath=".status.replicas",description="Number of target pods"
 // +kubebuilder:printcolumn:name="SUCCEED",type="integer",JSONPath=".status.succeeded",description="Number of succeed ephemeral containers"
 // +kubebuilder:printcolumn:name="FAILED",type="integer",JSONPath=".status.failed",description="Number of failed ephemeral containers"
 // +kubebuilder:printcolumn:name="RUNNING",type="integer",JSONPath=".status.running",description="Number of running ephemeral containers"

apis/apps/v1alpha1/imagelistpulljob_types.go

@@ -0,0 +1,109 @@
+/*
+Copyright 2023 The Kruise Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// ImageListPullJobSpec defines the desired state of ImageListPullJob
+type ImageListPullJobSpec struct {
+	// Images is the image list to be pulled by the job
+	Images []string `json:"images"`
+
+	ImagePullJobTemplate `json:",inline"`
+}
+
+// ImageListPullJobStatus defines the observed state of ImageListPullJob
+type ImageListPullJobStatus struct {
+	// Represents time when the job was acknowledged by the job controller.
+	// It is not guaranteed to be set in happens-before order across separate operations.
+	// It is represented in RFC3339 form and is in UTC.
+	// +optional
+	StartTime *metav1.Time `json:"startTime,omitempty"`
+
+	// Represents time when the all the image pull job was completed. It is not guaranteed to
+	// be set in happens-before order across separate operations.
+	// It is represented in RFC3339 form and is in UTC.
+	// +optional
+	CompletionTime *metav1.Time `json:"completionTime,omitempty"`
+
+	// The desired number of ImagePullJobs, this is typically equal to the number of len(spec.Images).
+	Desired int32 `json:"desired"`
+
+	// The number of running ImagePullJobs which are acknowledged by the imagepulljob controller.
+	// +optional
+	Active int32 `json:"active"`
+
+	// The number of ImagePullJobs which are finished
+	// +optional
+	Completed int32 `json:"completed"`
+
+	// The number of image pull job which are finished and status.Succeeded==status.Desired.
+	// +optional
+	Succeeded int32 `json:"succeeded"`
+
+	// The status of ImagePullJob which has the failed nodes(status.Failed>0) .
+	// +optional
+	FailedImageStatuses []*FailedImageStatus `json:"failedImageStatuses,omitempty"`
+}
+
+// FailedImageStatus the state of ImagePullJob which has the failed nodes(status.Failed>0)
+type FailedImageStatus struct {
+	// The name of ImagePullJob which has the failed nodes(status.Failed>0)
+	// +optional
+	ImagePullJob string `json:"imagePullJob,omitempty"`
+
+	// Name of the image
+	// +optional
+	Name string `json:"name,omitempty"`
+
+	// The text prompt for job running status.
+	// +optional
+	Message string `json:"message,omitempty"`
+}
+
+// +genclient
+// +k8s:openapi-gen=true
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="TOTAL",type="integer",JSONPath=".status.desired",description="Number of image pull job"
+// +kubebuilder:printcolumn:name="SUCCEEDED",type="integer",JSONPath=".status.succeeded",description="Number of image pull job succeeded"
+// +kubebuilder:printcolumn:name="COMPLETED",type="integer",JSONPath=".status.completed",description="Number of ImagePullJobs which are finished"
+// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC."
+
+// ImageListPullJob is the Schema for the imagelistpulljobs API
+type ImageListPullJob struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   ImageListPullJobSpec   `json:"spec,omitempty"`
+	Status ImageListPullJobStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// ImageListPullJobList contains a list of ImageListPullJob
+type ImageListPullJobList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ImageListPullJob `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&ImageListPullJob{}, &ImageListPullJobList{})
+}

apis/apps/v1alpha1/imagepulljob_types.go

@@ -22,14 +22,30 @@ import (
 )
 
 const (
-	ImagePreDownloadParallelismKey    = "apps.kruise.io/image-predownload-parallelism"
-	ImagePreDownloadTimeoutSecondsKey = "apps.kruise.io/image-predownload-timeout-seconds"
+	ImagePreDownloadParallelismKey      = "apps.kruise.io/image-predownload-parallelism"
+	ImagePreDownloadTimeoutSecondsKey   = "apps.kruise.io/image-predownload-timeout-seconds"
+	ImagePreDownloadMinUpdatedReadyPods = "apps.kruise.io/image-predownload-min-updated-ready-pods"
+)
+
+// ImagePullPolicy describes a policy for if/when to pull a container image
+// +enum
+type ImagePullPolicy string
+
+const (
+	// PullAlways means that kruise-daemon always attempts to pull the latest image.
+	PullAlways ImagePullPolicy = "Always"
+	// PullIfNotPresent means that kruise-daemon pulls if the image isn't present on disk.
+	PullIfNotPresent ImagePullPolicy = "IfNotPresent"
 )
 
 // ImagePullJobSpec defines the desired state of ImagePullJob
 type ImagePullJobSpec struct {
 	// Image is the image to be pulled by the job
-	Image string `json:"image"`
+	Image                string `json:"image"`
+	ImagePullJobTemplate `json:",inline"`
+}
+
+type ImagePullJobTemplate struct {
 
 	// ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling the image.
 	// If specified, these secrets will be passed to individual puller implementations for them to use.  For example,
@@ -60,6 +76,15 @@ type ImagePullJobSpec struct {
 	// CompletionPolicy indicates the completion policy of the job.
 	// Default is Always CompletionPolicyType.
 	CompletionPolicy CompletionPolicy `json:"completionPolicy"`
+
+	// SandboxConfig support attach metadata in PullImage CRI interface during ImagePulljobs
+	// +optional
+	SandboxConfig *SandboxConfig `json:"sandboxConfig,omitempty"`
+
+	// Image pull policy.
+	// One of Always, IfNotPresent. Defaults to IfNotPresent.
+	// +optional
+	ImagePullPolicy ImagePullPolicy `json:"imagePullPolicy,omitempty"`
 }
 
 // ImagePullJobPodSelector is a selector over pods

apis/apps/v1alpha1/node_pod_probe_types.go

@@ -0,0 +1,129 @@
+/*
+Copyright 2022 The Kruise Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless persistent by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// NodePodProbeSpec defines the desired state of NodePodProbe
+type NodePodProbeSpec struct {
+	PodProbes []PodProbe `json:"podProbes,omitempty"`
+}
+
+type PodProbe struct {
+	// pod name
+	Name string `json:"name"`
+	// pod namespace
+	Namespace string `json:"namespace"`
+	// pod uid
+	UID string `json:"uid"`
+	// pod ip
+	IP string `json:"IP"`
+	// Custom container probe, supports Exec, Tcp, and returns the result to Pod yaml
+	Probes []ContainerProbe `json:"probes,omitempty"`
+}
+
+type ContainerProbe struct {
+	// Name is podProbeMarker.Name#probe.Name
+	Name string `json:"name"`
+	// container name
+	ContainerName string `json:"containerName"`
+	// container probe spec
+	Probe ContainerProbeSpec `json:"probe"`
+}
+
+type NodePodProbeStatus struct {
+	// pod probe results
+	PodProbeStatuses []PodProbeStatus `json:"podProbeStatuses,omitempty"`
+}
+
+type PodProbeStatus struct {
+	// pod name
+	Name string `json:"name"`
+	// pod namespace
+	Namespace string `json:"namespace"`
+	// pod uid
+	UID string `json:"uid"`
+	// pod probe result
+	ProbeStates []ContainerProbeState `json:"probeStates,omitempty"`
+}
+
+type ContainerProbeState struct {
+	// Name is podProbeMarker.Name#probe.Name
+	Name string `json:"name"`
+	// container probe exec state, True or False
+	State ProbeState `json:"state"`
+	// Last time we probed the condition.
+	// +optional
+	LastProbeTime metav1.Time `json:"lastProbeTime,omitempty"`
+	// Last time the condition transitioned from one status to another.
+	// +optional
+	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
+	// If Status=True, Message records the return result of Probe.
+	// If Status=False, Message records Probe's error message
+	Message string `json:"message,omitempty"`
+}
+
+type ProbeState string
+
+const (
+	ProbeSucceeded ProbeState = "Succeeded"
+	ProbeFailed    ProbeState = "Failed"
+	ProbeUnknown   ProbeState = "Unknown"
+)
+
+func (p ProbeState) IsEqualPodConditionStatus(status corev1.ConditionStatus) bool {
+	switch status {
+	case corev1.ConditionTrue:
+		return p == ProbeSucceeded
+	case corev1.ConditionFalse:
+		return p == ProbeFailed
+	default:
+		return p == ProbeUnknown
+	}
+}
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:openapi-gen=true
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:scope=Cluster
+// +kubebuilder:subresource:status
+
+// NodePodProbe is the Schema for the NodePodProbe API
+type NodePodProbe struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   NodePodProbeSpec   `json:"spec,omitempty"`
+	Status NodePodProbeStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// NodePodProbeList contains a list of NodePodProbe
+type NodePodProbeList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []NodePodProbe `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&NodePodProbe{}, &NodePodProbeList{})
+}

apis/apps/v1alpha1/nodeimage_types.go

@@ -38,6 +38,10 @@ type ImageSpec struct {
 
 	// Tags is a list of versions of this image
 	Tags []ImageTagSpec `json:"tags"`
+
+	// SandboxConfig support attach metadata in PullImage CRI interface during ImagePulljobs
+	// +optional
+	SandboxConfig *SandboxConfig `json:"sandboxConfig,omitempty"`
 }
 
 // ReferenceObject comprises a resource name, with a mandatory namespace,
@@ -76,6 +80,11 @@ type ImageTagSpec struct {
 	// Value must be treated as opaque by clients and .
 	// +optional
 	Version int64 `json:"version,omitempty"`
+
+	// Image pull policy.
+	// One of Always, IfNotPresent. Defaults to IfNotPresent.
+	// +optional
+	ImagePullPolicy ImagePullPolicy `json:"imagePullPolicy,omitempty"`
 }
 
 // ImageTagPullPolicy defines the policy of the pulling task
@@ -121,6 +130,10 @@ type NodeImageStatus struct {
 	// +optional
 	Pulling int32 `json:"pulling"`
 
+	// The number of pulling tasks which are waiting.
+	// +optional
+	Waiting int32 `json:"waiting"`
+
 	// all statuses of active image pulling tasks
 	ImageStatuses map[string]ImageStatus `json:"imageStatuses,omitempty"`
 
@@ -144,7 +157,7 @@ type ImageTagStatus struct {
 	// Represents the image pulling task phase.
 	Phase ImagePullPhase `json:"phase"`
 
-	// Represents the pulling progress of this tag, which is beetween 0-100. There is no guarantee
+	// Represents the pulling progress of this tag, which is between 0-100. There is no guarantee
 	// of monotonic consistency, and it may be a rollback due to retry during pulling.
 	Progress int32 `json:"progress,omitempty"`
 
@@ -168,7 +181,7 @@ type ImageTagStatus struct {
 	// +optional
 	ImageID string `json:"imageID,omitempty"`
 
-	// Represents the summary informations of this node
+	// Represents the summary information of this node
 	// +optional
 	Message string `json:"message,omitempty"`
 }

apis/apps/v1alpha1/persistent_pod_state_types.go

@@ -0,0 +1,133 @@
+/*
+Copyright 2022 The Kruise Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless persistent by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are persistent.  Any new fields you add must have json tags for the fields to be serialized.
+
+const (
+	// AnnotationAutoGeneratePersistentPodState indicates kruise will auto generate PersistentPodState object
+	// Need to work with AnnotationRequiredPersistentTopology and AnnotationPreferredPersistentTopology
+	AnnotationAutoGeneratePersistentPodState = "kruise.io/auto-generate-persistent-pod-state"
+	// AnnotationRequiredPersistentTopology Pod rebuilt topology required for node labels
+	// for example kruise.io/required-persistent-topology: topology.kubernetes.io/zone[,xxx]
+	// optional
+	AnnotationRequiredPersistentTopology = "kruise.io/required-persistent-topology"
+	// AnnotationPreferredPersistentTopology Pod rebuilt topology preferred for node labels and default with 100 weight
+	// for example kruise.io/preferred-persistent-topology: kubernetes.io/hostname[,xxx]
+	// optional
+	AnnotationPreferredPersistentTopology = "kruise.io/preferred-persistent-topology"
+	// AnnotationPersistentPodAnnotations Pod needs persistent annotations
+	// for example kruise.io/persistent-pod-annotations: cni.projectcalico.org/podIP[,xxx]
+	// optional
+	AnnotationPersistentPodAnnotations = "kruise.io/persistent-pod-annotations"
+)
+
+// PersistentPodStateSpec defines the desired state of PersistentPodState
+type PersistentPodStateSpec struct {
+	// TargetReference contains enough information to let you identify an workload for PersistentPodState
+	// Selector and TargetReference are mutually exclusive, TargetReference is priority to take effect
+	// current only support StatefulSet
+	TargetReference TargetReference `json:"targetRef"`
+
+	// Persist the annotations information of the pods that need to be saved
+	PersistentPodAnnotations []PersistentPodAnnotation `json:"persistentPodAnnotations,omitempty"`
+
+	// Pod rebuilt topology required for node labels
+	// for example kubernetes.io/hostname, failure-domain.beta.kubernetes.io/zone
+	RequiredPersistentTopology *NodeTopologyTerm `json:"requiredPersistentTopology,omitempty"`
+
+	// Pod rebuilt topology preferred for node labels, with xx weight
+	// for example  kubernetes.io/hostname, failure-domain.beta.kubernetes.io/zone
+	PreferredPersistentTopology []PreferredTopologyTerm `json:"preferredPersistentTopology,omitempty"`
+
+	// PersistentPodStateRetentionPolicy describes the policy used for PodState.
+	// The default policy of 'WhenScaled' causes when scale down statefulSet, deleting it.
+	// +optional
+	PersistentPodStateRetentionPolicy PersistentPodStateRetentionPolicyType `json:"persistentPodStateRetentionPolicy,omitempty"`
+}
+
+type PreferredTopologyTerm struct {
+	Weight     int32            `json:"weight"`
+	Preference NodeTopologyTerm `json:"preference"`
+}
+type NodeTopologyTerm struct {
+	// A list of node selector requirements by node's labels.
+	NodeTopologyKeys []string `json:"nodeTopologyKeys"`
+}
+
+type PersistentPodAnnotation struct {
+	Key string `json:"key"`
+}
+
+type PersistentPodStateRetentionPolicyType string
+
+const (
+	// PersistentPodStateRetentionPolicyWhenScaled specifies when scale down statefulSet, deleting podState record.
+	PersistentPodStateRetentionPolicyWhenScaled = "WhenScaled"
+	// PersistentPodStateRetentionPolicyWhenDeleted specifies when delete statefulSet, deleting podState record.
+	PersistentPodStateRetentionPolicyWhenDeleted = "WhenDeleted"
+)
+
+type PersistentPodStateStatus struct {
+	// observedGeneration is the most recent generation observed for this PersistentPodState. It corresponds to the
+	// PersistentPodState's generation, which is updated on mutation by the API Server.
+	ObservedGeneration int64 `json:"observedGeneration"`
+	// When the pod is ready, record some status information of the pod, such as: labels, annotations, topologies, etc.
+	// map[string]PodState -> map[Pod.Name]PodState
+	PodStates map[string]PodState `json:"podStates,omitempty"`
+}
+
+type PodState struct {
+	// pod.spec.nodeName
+	NodeName string `json:"nodeName,omitempty"`
+	// node topology labels key=value
+	// for example kubernetes.io/hostname=node-1
+	NodeTopologyLabels map[string]string `json:"nodeTopologyLabels,omitempty"`
+	// pod persistent annotations
+	Annotations map[string]string `json:"annotations,omitempty"`
+}
+
+// +genclient
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// PersistentPodState is the Schema for the PersistentPodState API
+type PersistentPodState struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   PersistentPodStateSpec   `json:"spec,omitempty"`
+	Status PersistentPodStateStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// PersistentPodStateList contains a list of PersistentPodState
+type PersistentPodStateList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []PersistentPodState `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&PersistentPodState{}, &PersistentPodStateList{})
+}

apis/apps/v1alpha1/pod_probe_marker_types.go

@@ -0,0 +1,132 @@
+/*
+Copyright 2022 The Kruise Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless persistent by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+	// PodProbeMarkerAnnotationKey records the Probe Spec, mainly used for serverless Pod scenarios, as follows:
+	//  annotations:
+	//    kruise.io/podprobe: |
+	//      [
+	//          {
+	//              "containerName": "minecraft",
+	//              "name": "healthy",
+	//              "podConditionType": "game.kruise.io/healthy",
+	//              "probe": {
+	//                  "exec": {
+	//                      "command": [
+	//                          "bash",
+	//                          "/data/probe.sh"
+	//                      ]
+	//                  }
+	//              }
+	//          }
+	//      ]
+	PodProbeMarkerAnnotationKey = "kruise.io/podprobe"
+	// PodProbeMarkerListAnnotationKey records the injected PodProbeMarker Name List
+	// example: kruise.io/podprobemarker-list="probe-marker-1,probe-marker-2"
+	PodProbeMarkerListAnnotationKey = "kruise.io/podprobemarker-list"
+)
+
+// PodProbeMarkerSpec defines the desired state of PodProbeMarker
+type PodProbeMarkerSpec struct {
+	// Selector is a label query over pods that should exec custom probe
+	// It must match the pod template's labels.
+	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+	Selector *metav1.LabelSelector `json:"selector"`
+	// Custom container probe, current only support Exec().
+	// Probe Result will record in Pod.Status.Conditions, and condition.type=probe.name.
+	// condition.status=True indicates probe success
+	// condition.status=False indicates probe fails
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	Probes []PodContainerProbe `json:"probes" patchStrategy:"merge" patchMergeKey:"name"`
+}
+
+type PodContainerProbe struct {
+	// probe name, unique within the Pod(Even between different containers, they cannot be the same)
+	Name string `json:"name"`
+	// container name
+	ContainerName string `json:"containerName"`
+	// container probe spec
+	Probe ContainerProbeSpec `json:"probe"`
+	// According to the execution result of ContainerProbe, perform specific actions,
+	// such as: patch Pod labels, annotations, ReadinessGate Condition
+	// It cannot be null at the same time as PodConditionType.
+	// +patchMergeKey=state
+	// +patchStrategy=merge
+	MarkerPolicy []ProbeMarkerPolicy `json:"markerPolicy,omitempty"  patchStrategy:"merge" patchMergeKey:"state"`
+	// If it is not empty, the Probe execution result will be recorded on the Pod condition.
+	// It cannot be null at the same time as MarkerPolicy.
+	// For example PodConditionType=game.kruise.io/healthy, pod.status.condition.type = game.kruise.io/healthy.
+	// When probe is Succeeded, pod.status.condition.status = True. Otherwise, when the probe fails to execute, pod.status.condition.status = False.
+	PodConditionType string `json:"podConditionType,omitempty"`
+}
+
+type ContainerProbeSpec struct {
+	v1.Probe `json:",inline"`
+}
+
+type ProbeMarkerPolicy struct {
+	// probe status, True or False
+	// For example: State=Succeeded, annotations[controller.kubernetes.io/pod-deletion-cost] = '10'.
+	// State=Failed, annotations[controller.kubernetes.io/pod-deletion-cost] = '-10'.
+	// In addition, if State=Failed is not defined, Exec execution fails, and the annotations[controller.kubernetes.io/pod-deletion-cost] will be Deleted
+	State ProbeState `json:"state"`
+	// Patch Labels pod.labels
+	Labels map[string]string `json:"labels,omitempty"`
+	// Patch annotations pod.annotations
+	Annotations map[string]string `json:"annotations,omitempty"`
+}
+
+type PodProbeMarkerStatus struct {
+	// observedGeneration is the most recent generation observed for this PodProbeMarker. It corresponds to the
+	// PodProbeMarker's generation, which is updated on mutation by the API Server.
+	ObservedGeneration int64 `json:"observedGeneration"`
+	// matched Pods
+	MatchedPods int64 `json:"matchedPods,omitempty"`
+}
+
+// +genclient
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// PodProbeMarker is the Schema for the PodProbeMarker API
+type PodProbeMarker struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   PodProbeMarkerSpec   `json:"spec,omitempty"`
+	Status PodProbeMarkerStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// PodProbeMarkerList contains a list of PodProbeMarker
+type PodProbeMarkerList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []PodProbeMarker `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&PodProbeMarker{}, &PodProbeMarkerList{})
+}

apis/apps/v1alpha1/resourcedistribution_types.go

@@ -27,6 +27,8 @@ type ResourceDistributionSpec struct {
 	// Important: Run "make" to regenerate code after modifying this file
 
 	// Resource must be the complete yaml that users want to distribute.
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:EmbeddedResource
 	Resource runtime.RawExtension `json:"resource"`
 
 	// Targets defines the namespaces that users want to distribute to.
@@ -67,8 +69,10 @@ type ResourceDistributionTargetNamespaces struct {
 		Pattern string `json:"pattern,omitempty"`
 	*/
 
+	// +patchMergeKey=name
+	// +patchStrategy=merge
 	// +optional
-	List []ResourceDistributionNamespace `json:"list,omitempty"`
+	List []ResourceDistributionNamespace `json:"list,omitempty" patchStrategy:"merge" patchMergeKey:"name"`
 }
 
 // ResourceDistributionNamespace contains a namespace name
@@ -157,9 +161,12 @@ const (
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:openapi-gen=true
-//+kubebuilder:object:root=true
-//+kubebuilder:subresource:status
-//+kubebuilder:resource:scope=Cluster
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:scope=Cluster,shortName=distributor
+// +kubebuilder:printcolumn:name="TOTAL",type="integer",JSONPath=".status.desired",description="The desired number of desired distribution and syncs."
+// +kubebuilder:printcolumn:name="SUCCEED",type="integer",JSONPath=".status.succeeded",description="The number of successful distribution and syncs."
+// +kubebuilder:printcolumn:name="FAILED",type="integer",JSONPath=".status.failed",description="The number of failed distributions and syncs."
 
 // ResourceDistribution is the Schema for the resourcedistributions API.
 type ResourceDistribution struct {

apis/apps/v1alpha1/sandboxconfig_types.go

@@ -0,0 +1,25 @@
+/*
+Copyright 2023 The Kruise Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+// SandboxConfig support attach metadata in PullImage CRI interface during ImagePulljobs
+type SandboxConfig struct {
+	// +optional
+	Labels map[string]string `json:"labels,omitempty"`
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+}

apis/apps/v1alpha1/sidecarset_types.go

@@ -17,11 +17,22 @@ limitations under the License.
 package v1alpha1
 
 import (
+	appspub "github.com/openkruise/kruise/apis/apps/pub"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
 )
 
+const (
+	// SidecarSetCustomVersionLabel is designed to record and label the controllerRevision of sidecarSet.
+	// This label will be passed from SidecarSet to its corresponding ControllerRevision, users can use
+	// this label to selector the ControllerRevision they want.
+	// For example, users can update the label from "version-1" to "version-2" when they upgrade the
+	// sidecarSet to "version-2", and they write the "version-2" to InjectionStrategy.Revision.CustomVersion
+	// when they decided to promote the "version-2", to avoid some risks about gray deployment of SidecarSet.
+	SidecarSetCustomVersionLabel = "apps.kruise.io/sidecarset-custom-version"
+)
+
 // SidecarSetSpec defines the desired state of SidecarSet
 type SidecarSetSpec struct {
 	// selector is a label query over pods that should be injected
@@ -31,16 +42,28 @@ type SidecarSetSpec struct {
 	// otherwise, match pods in all namespaces(in cluster)
 	Namespace string `json:"namespace,omitempty"`
 
-	// Containers is the list of init containers to be injected into the selected pod
+	// NamespaceSelector select which namespaces to inject sidecar containers.
+	// Default to the empty LabelSelector, which matches everything.
+	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
+
+	// InitContainers is the list of init containers to be injected into the selected pod
 	// We will inject those containers by their name in ascending order
 	// We only inject init containers when a new pod is created, it does not apply to any existing pod
-	InitContainers []SidecarContainer `json:"initContainers,omitempty"`
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	InitContainers []SidecarContainer `json:"initContainers,omitempty" patchStrategy:"merge" patchMergeKey:"name"`
 
 	// Containers is the list of sidecar containers to be injected into the selected pod
-	Containers []SidecarContainer `json:"containers,omitempty"`
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	Containers []SidecarContainer `json:"containers,omitempty" patchStrategy:"merge" patchMergeKey:"name"`
 
 	// List of volumes that can be mounted by sidecar containers
-	Volumes []corev1.Volume `json:"volumes,omitempty"`
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	Volumes []corev1.Volume `json:"volumes,omitempty" patchStrategy:"merge" patchMergeKey:"name"`
 
 	// The sidecarset updateStrategy to use to replace existing pods with new ones.
 	UpdateStrategy SidecarSetUpdateStrategy `json:"updateStrategy,omitempty"`
@@ -49,11 +72,53 @@ type SidecarSetSpec struct {
 	InjectionStrategy SidecarSetInjectionStrategy `json:"injectionStrategy,omitempty"`
 
 	// List of the names of secrets required by pulling sidecar container images
-	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name"`
+
+	// RevisionHistoryLimit indicates the maximum quantity of stored revisions about the SidecarSet.
+	// default value is 10
+	RevisionHistoryLimit *int32 `json:"revisionHistoryLimit,omitempty"`
+
+	// SidecarSet support to inject & in-place update metadata in pod.
+	PatchPodMetadata []SidecarSetPatchPodMetadata `json:"patchPodMetadata,omitempty"`
 }
 
+type SidecarSetPatchPodMetadata struct {
+	// annotations
+	Annotations map[string]string `json:"annotations,omitempty"`
+
+	// labels map[string]string `json:"labels,omitempty"`
+	// patch pod metadata policy, Default is "Retain"
+	PatchPolicy SidecarSetPatchPolicyType `json:"patchPolicy,omitempty"`
+}
+
+type SidecarSetPatchPolicyType string
+
+var (
+	// SidecarSetRetainPatchPolicy indicates if PatchPodFields conflicts with Pod,
+	// will ignore PatchPodFields, and retain the corresponding fields of pods.
+	// SidecarSet webhook cannot allow the conflict of PatchPodFields between SidecarSets under this policy type.
+	// Note: Retain is only supported for injection, and the Metadata will not be updated when upgrading the Sidecar Container in-place.
+	SidecarSetRetainPatchPolicy SidecarSetPatchPolicyType = "Retain"
+
+	// SidecarSetOverwritePatchPolicy indicates if PatchPodFields conflicts with Pod,
+	// SidecarSet will apply PatchPodFields to overwrite the corresponding fields of pods.
+	// SidecarSet webhook cannot allow the conflict of PatchPodFields between SidecarSets under this policy type.
+	// Overwrite support to inject and in-place metadata.
+	SidecarSetOverwritePatchPolicy SidecarSetPatchPolicyType = "Overwrite"
+
+	// SidecarSetMergePatchJsonPatchPolicy indicate that sidecarSet use application/merge-patch+json to patch annotation value,
+	// for example, A patch annotation[oom-score] = '{"log-agent": 1}' and B patch annotation[oom-score] = '{"envoy": 2}'
+	// result pod annotation[oom-score] = '{"log-agent": 1, "envoy": 2}'
+	// MergePatchJson support to inject and in-place metadata.
+	SidecarSetMergePatchJsonPatchPolicy SidecarSetPatchPolicyType = "MergePatchJson"
+)
+
 // SidecarContainer defines the container of Sidecar
 type SidecarContainer struct {
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
 	corev1.Container `json:",inline"`
 
 	// The rules that injected SidecarContainer into Pod.spec.containers,
@@ -67,9 +132,14 @@ type SidecarContainer struct {
 	UpgradeStrategy SidecarContainerUpgradeStrategy `json:"upgradeStrategy,omitempty"`
 
 	// If ShareVolumePolicy is enabled, the sidecar container will share the other container's VolumeMounts
-	// in the pod(don't contains the injected sidecar container).
+	// in the pod(not including the injected sidecar container).
 	ShareVolumePolicy ShareVolumePolicy `json:"shareVolumePolicy,omitempty"`
 
+	// If ShareVolumeDevicePolicy is enabled, the sidecar container will share the other container's VolumeDevices
+	// in the pod(don't contain the injected sidecar container).
+	// This is a pointer to ensure that the sidecarset-hash does not change if the user does not configure this field, mainly for compatibility with older versions.
+	ShareVolumeDevicePolicy *ShareVolumePolicy `json:"shareVolumeDevicePolicy,omitempty"`
+
 	// TransferEnv will transfer env info from other container
 	// SourceContainerName is pod.spec.container[x].name; EnvName is pod.spec.container[x].Env.name
 	TransferEnv []TransferEnvVar `json:"transferEnv,omitempty"`
@@ -95,7 +165,16 @@ const (
 
 type TransferEnvVar struct {
 	SourceContainerName string `json:"sourceContainerName,omitempty"`
-	EnvName             string `json:"envName,omitempty"`
+	// +optional
+	SourceContainerNameFrom *SourceContainerNameSource `json:"sourceContainerNameFrom,omitempty"`
+	EnvName                 string                     `json:"envName,omitempty"`
+	// +optional
+	EnvNames []string `json:"envNames,omitempty"`
+}
+
+type SourceContainerNameSource struct {
+	// Selects a field of the pod: supports metadata.name, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+	FieldRef *corev1.ObjectFieldSelector `json:"fieldRef,omitempty"`
 }
 
 type SidecarContainerUpgradeType string
@@ -125,8 +204,45 @@ type SidecarSetInjectionStrategy struct {
 	// but the injected sidecar container remains updating and running.
 	// default is false
 	Paused bool `json:"paused,omitempty"`
+
+	// Revision can help users rolling update SidecarSet safely. If users set
+	// this filed, SidecarSet will try to inject specific revision according to
+	// different policies.
+	Revision *SidecarSetInjectRevision `json:"revision,omitempty"`
 }
 
+type SidecarSetInjectRevision struct {
+	// CustomVersion corresponds to label 'apps.kruise.io/sidecarset-custom-version' of (History) SidecarSet.
+	// SidecarSet will select the specific ControllerRevision via this CustomVersion, and then restore the
+	// history SidecarSet to inject specific version of the sidecar to pods.
+	// + optional
+	CustomVersion *string `json:"customVersion,omitempty"`
+	// RevisionName corresponds to a specific ControllerRevision name of SidecarSet that you want to inject to Pods.
+	// + optional
+	RevisionName *string `json:"revisionName,omitempty"`
+	// Policy describes the behavior of revision injection.
+	// +kubebuilder:validation:Enum=Always;Partial;
+	// +kubebuilder:default=Always
+	Policy SidecarSetInjectRevisionPolicy `json:"policy,omitempty"`
+}
+
+type SidecarSetInjectRevisionPolicy string
+
+const (
+	// AlwaysSidecarSetInjectRevisionPolicy means the SidecarSet will always inject
+	// the specific revision to Pods when pod creating, except matching UpdateStrategy.Selector.
+	AlwaysSidecarSetInjectRevisionPolicy SidecarSetInjectRevisionPolicy = "Always"
+
+	// PartialSidecarSetInjectRevisionPolicy means the SidecarSet will inject the specific or the latest revision according to UpdateStrategy.
+	//
+	// If UpdateStrategy.Pause is not true, only when a newly created Pod is **not** selected by the Selector explicitly
+	// configured in `UpdateStrategy` will it be injected with the specified version of the Sidecar.
+	// Under all other conditions, newly created Pods have a probability of being injected with the latest Sidecar,
+	// where the probability is `1 - UpdateStrategy.Partition`.
+	// If `Partition` is not a percentage or is not configured, its value is considered to be 0%.
+	PartialSidecarSetInjectRevisionPolicy SidecarSetInjectRevisionPolicy = "Partial"
+)
+
 // SidecarSetUpdateStrategy indicates the strategy that the SidecarSet
 // controller will use to perform updates. It includes any additional parameters
 // necessary to perform the update for the indicated strategy.
@@ -138,11 +254,15 @@ type SidecarSetUpdateStrategy struct {
 	Type SidecarSetUpdateStrategyType `json:"type,omitempty"`
 
 	// Paused indicates that the SidecarSet is paused to update the injected pods,
-	// but it don't affect the webhook inject sidecar container into the newly created pods.
-	// default is false
+	// For the impact on the injection behavior for newly created Pods, please refer to the comments of Selector.
 	Paused bool `json:"paused,omitempty"`
 
 	// If selector is not nil, this upgrade will only update the selected pods.
+	//
+	// Starting from Kruise 1.8.0, the updateStrategy.Selector affects the version of the Sidecar container
+	// injected into newly created Pods by a SidecarSet configured with an injectionStrategy.
+	// In most cases, all newly created Pods are injected with the specified Sidecar version as configured in injectionStrategy.revision,
+	// which is consistent with previous versions.
 	Selector *metav1.LabelSelector `json:"selector,omitempty"`
 
 	// Partition is the desired number of pods in old revisions. It means when partition
@@ -157,7 +277,9 @@ type SidecarSetUpdateStrategy struct {
 	// This cannot be 0.
 	// Default value is 1.
 	MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty"`
-
+	// Priorities are the rules for calculating the priority of updating pods.
+	// Each pod to be updated, will pass through these terms and get a sum of weights.
+	PriorityStrategy *appspub.UpdatePriorityStrategy `json:"priorityStrategy,omitempty"`
 	// ScatterStrategy defines the scatter rules to make pods been scattered when update.
 	// This will avoid pods with the same key-value to be updated in one batch.
 	// - Note that pods will be scattered after priority sort. So, although priority strategy and scatter strategy can be applied together, we suggest to use either one of them.
@@ -189,6 +311,14 @@ type SidecarSetStatus struct {
 
 	// updatedReadyPods is the number of matched pods that updated and ready
 	UpdatedReadyPods int32 `json:"updatedReadyPods,omitempty"`
+
+	// LatestRevision, if not empty, indicates the latest controllerRevision name of the SidecarSet.
+	LatestRevision string `json:"latestRevision,omitempty"`
+
+	// CollisionCount is the count of hash collisions for the SidecarSet. The SidecarSet controller
+	// uses this field as a collision avoidance mechanism when it needs to create the name for the
+	// newest ControllerRevision.
+	CollisionCount *int32 `json:"collisionCount,omitempty"`
 }
 
 // +genclient

apis/apps/v1alpha1/statefulset_types.go

@@ -128,6 +128,8 @@ type StatefulSetSpec struct {
 	// insufficient replicas are detected. Each pod stamped out by the StatefulSet
 	// will fulfill this Template, but have a unique identity from the rest
 	// of the StatefulSet.
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
 	Template v1.PodTemplateSpec `json:"template"`
 
 	// volumeClaimTemplates is a list of claims that pods are allowed to reference.
@@ -138,6 +140,8 @@ type StatefulSetSpec struct {
 	// any volumes in the template, with the same name.
 	// TODO: Define the behavior if a claim already exists with the same name.
 	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
 	VolumeClaimTemplates []v1.PersistentVolumeClaim `json:"volumeClaimTemplates,omitempty"`
 
 	// serviceName is the name of the service that governs this StatefulSet.

apis/apps/v1alpha1/uniteddeployment_types.go

@@ -17,9 +17,13 @@ limitations under the License.
 package v1alpha1
 
 import (
+	"time"
+
+	"github.com/openkruise/kruise/apis/apps/v1beta1"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/intstr"
 )
 
@@ -44,6 +48,8 @@ const (
 	SubsetUpdated UnitedDeploymentConditionType = "SubsetUpdated"
 	// SubsetFailure is added to a UnitedDeployment when one of its subsets has failure during its own reconciling.
 	SubsetFailure UnitedDeploymentConditionType = "SubsetFailure"
+	// UnitedDeploymentUpdated means currentRevision is equal to updatedRevision.
+	UnitedDeploymentUpdated UnitedDeploymentConditionType = "UnitedDeploymentUpdated"
 )
 
 // UnitedDeploymentSpec defines the desired state of UnitedDeployment.
@@ -98,29 +104,38 @@ type SubsetTemplate struct {
 
 // StatefulSetTemplateSpec defines the subset template of StatefulSet.
 type StatefulSetTemplateSpec struct {
-	// +kubebuilder:validation:XPreserveUnknownFields
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
 	metav1.ObjectMeta `json:"metadata,omitempty"`
-	Spec              appsv1.StatefulSetSpec `json:"spec"`
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
+	Spec appsv1.StatefulSetSpec `json:"spec"`
 }
 
 // AdvancedStatefulSetTemplateSpec defines the subset template of AdvancedStatefulSet.
 type AdvancedStatefulSetTemplateSpec struct {
-	// +kubebuilder:validation:XPreserveUnknownFields
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
 	metav1.ObjectMeta `json:"metadata,omitempty"`
-	Spec              StatefulSetSpec `json:"spec"`
+	Spec              v1beta1.StatefulSetSpec `json:"spec"`
 }
 
 // CloneSetTemplateSpec defines the subset template of CloneSet.
 type CloneSetTemplateSpec struct {
-	// +kubebuilder:validation:XPreserveUnknownFields
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 	Spec              CloneSetSpec `json:"spec"`
 }
 
 // DeploymentTemplateSpec defines the subset template of Deployment.
 type DeploymentTemplateSpec struct {
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
 	metav1.ObjectMeta `json:"metadata,omitempty"`
-	Spec              appsv1.DeploymentSpec `json:"spec"`
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
+	Spec appsv1.DeploymentSpec `json:"spec"`
 }
 
 // UnitedDeploymentUpdateStrategy defines the update performance
@@ -149,8 +164,14 @@ type ManualUpdate struct {
 type Topology struct {
 	// Contains the details of each subset. Each element in this array represents one subset
 	// which will be provisioned and managed by UnitedDeployment.
+	// +patchMergeKey=name
+	// +patchStrategy=merge
 	// +optional
-	Subsets []Subset `json:"subsets,omitempty"`
+	Subsets []Subset `json:"subsets,omitempty" patchStrategy:"merge" patchMergeKey:"name"`
+
+	// ScheduleStrategy indicates the strategy the UnitedDeployment used to preform the schedule between each of subsets.
+	// +optional
+	ScheduleStrategy UnitedDeploymentScheduleStrategy `json:"scheduleStrategy,omitempty"`
 }
 
 // Subset defines the detail of a subset.
@@ -175,8 +196,107 @@ type Subset struct {
 	// percentage like '10%', which means 10% of UnitedDeployment replicas of pods will be distributed
 	// under this subset. If nil, the number of replicas in this subset is determined by controller.
 	// Controller will try to keep all the subsets with nil replicas have average pods.
+	// Replicas and MinReplicas/MaxReplicas are mutually exclusive in a UnitedDeployment.
 	// +optional
 	Replicas *intstr.IntOrString `json:"replicas,omitempty"`
+
+	// Indicates the lower bounded replicas of the subset.
+	// MinReplicas must be more than or equal to 0 if it is set.
+	// Controller will prioritize satisfy minReplicas for each subset
+	// according to the order of Topology.Subsets.
+	// Defaults to 0.
+	// +optional
+	MinReplicas *intstr.IntOrString `json:"minReplicas,omitempty"`
+
+	// Indicates the upper bounded replicas of the subset.
+	// MaxReplicas must be more than or equal to MinReplicas.
+	// MaxReplicas == nil means no limitation.
+	// Please ensure that at least one subset has empty MaxReplicas(no limitation) to avoid stuck scaling.
+	// Defaults to nil.
+	// +optional
+	MaxReplicas *intstr.IntOrString `json:"maxReplicas,omitempty"`
+
+	// Patch indicates patching to the templateSpec.
+	// Patch takes precedence over other fields
+	// If the Patch also modifies the Replicas, NodeSelectorTerm or Tolerations, use value in the Patch
+	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
+	Patch runtime.RawExtension `json:"patch,omitempty"`
+}
+
+// UnitedDeploymentScheduleStrategyType is a string enumeration type that enumerates
+// all possible schedule strategies for the UnitedDeployment controller.
+// +kubebuilder:validation:Enum=Adaptive;Fixed;""
+type UnitedDeploymentScheduleStrategyType string
+
+const (
+	// AdaptiveUnitedDeploymentScheduleStrategyType represents that when a pod is stuck in the pending status and cannot
+	// be scheduled, allow it to be rescheduled to another subset.
+	AdaptiveUnitedDeploymentScheduleStrategyType UnitedDeploymentScheduleStrategyType = "Adaptive"
+	// FixedUnitedDeploymentScheduleStrategyType represents that pods are strictly scheduled to the selected subset
+	// even if scheduling fail.
+	FixedUnitedDeploymentScheduleStrategyType UnitedDeploymentScheduleStrategyType = "Fixed"
+)
+
+const (
+	DefaultRescheduleCriticalDuration      = 30 * time.Second
+	DefaultUnschedulableStatusLastDuration = 300 * time.Second
+)
+
+// AdaptiveUnitedDeploymentStrategy is used to communicate parameters when Type is AdaptiveUnitedDeploymentScheduleStrategyType.
+type AdaptiveUnitedDeploymentStrategy struct {
+	// RescheduleCriticalSeconds indicates how long controller will reschedule a schedule failed Pod to the subset that has
+	// redundant capacity after the subset where the Pod lives. If a Pod was scheduled failed and still in an unschedulabe status
+	// over RescheduleCriticalSeconds duration, the controller will reschedule it to a suitable subset. Default is 30 seconds.
+	// +optional
+	RescheduleCriticalSeconds *int32 `json:"rescheduleCriticalSeconds,omitempty"`
+
+	// UnschedulableDuration is used to set the number of seconds for a Subset to recover from an unschedulable state,
+	// with a default value of 300 seconds.
+	// +optional
+	UnschedulableDuration *int32 `json:"unschedulableDuration,omitempty"`
+
+	// ReserveUnschedulablePods indicates whether to enable reservation rescheduling mode, which is disabled by default.
+	// If this feature is enabled, those pending pods that would otherwise be permanently transferred to other subsets
+	// due to scheduling failure will be retained, and a temporary substitute Pod will be created in another subset to take over its work.
+	// When the retained pod is successfully scheduled and ready, its temporary substitute will be deleted.
+	// +optional
+	ReserveUnschedulablePods bool `json:"reserveUnschedulablePods,omitempty"`
+}
+
+// UnitedDeploymentScheduleStrategy defines the schedule performance of UnitedDeployment.
+type UnitedDeploymentScheduleStrategy struct {
+	// Type indicates the type of the UnitedDeploymentScheduleStrategy.
+	// Default is Fixed
+	// +optional
+	Type UnitedDeploymentScheduleStrategyType `json:"type,omitempty"`
+
+	// Adaptive is used to communicate parameters when Type is AdaptiveUnitedDeploymentScheduleStrategyType.
+	// +optional
+	Adaptive *AdaptiveUnitedDeploymentStrategy `json:"adaptive,omitempty"`
+}
+
+func (s *UnitedDeploymentScheduleStrategy) IsAdaptive() bool {
+	return s.Type == AdaptiveUnitedDeploymentScheduleStrategyType
+}
+
+func (s *UnitedDeploymentScheduleStrategy) ShouldReserveUnschedulablePods() bool {
+	return s.IsAdaptive() && s.Adaptive != nil && s.Adaptive.ReserveUnschedulablePods
+}
+
+func (s *UnitedDeploymentScheduleStrategy) GetRescheduleCriticalDuration() time.Duration {
+	if s.Adaptive == nil || s.Adaptive.RescheduleCriticalSeconds == nil {
+		return DefaultRescheduleCriticalDuration
+	}
+	return time.Duration(*s.Adaptive.RescheduleCriticalSeconds) * time.Second
+}
+
+func (s *UnitedDeploymentScheduleStrategy) GetUnschedulableDuration() time.Duration {
+	if s.Adaptive == nil || s.Adaptive.UnschedulableDuration == nil {
+		return DefaultUnschedulableStatusLastDuration
+	}
+	return time.Duration(*s.Adaptive.UnschedulableDuration) * time.Second
 }
 
 // UnitedDeploymentStatus defines the observed state of UnitedDeployment.
@@ -196,6 +316,9 @@ type UnitedDeploymentStatus struct {
 	// The number of pods in current version.
 	UpdatedReplicas int32 `json:"updatedReplicas"`
 
+	// The number of reserved pods in temporary adaptive strategy.
+	ReservedPods int32 `json:"reservedPods,omitempty"`
+
 	// The number of ready current revision replicas for this UnitedDeployment.
 	// +optional
 	UpdatedReadyReplicas int32 `json:"updatedReadyReplicas,omitempty"`
@@ -213,6 +336,8 @@ type UnitedDeploymentStatus struct {
 	// +optional
 	SubsetReplicas map[string]int32 `json:"subsetReplicas,omitempty"`
 
+	// Record the conditions of each subset.
+	SubsetStatuses []UnitedDeploymentSubsetStatus `json:"subsetStatuses,omitempty"`
 	// Represents the latest available observations of a UnitedDeployment's current state.
 	// +optional
 	Conditions []UnitedDeploymentCondition `json:"conditions,omitempty"`
@@ -220,6 +345,18 @@ type UnitedDeploymentStatus struct {
 	// Records the information of update progress.
 	// +optional
 	UpdateStatus *UpdateStatus `json:"updateStatus,omitempty"`
+
+	// LabelSelector is label selectors for query over pods that should match the replica count used by HPA.
+	LabelSelector string `json:"labelSelector,omitempty"`
+}
+
+func (s *UnitedDeploymentStatus) GetSubsetStatus(subset string) *UnitedDeploymentSubsetStatus {
+	for i, subsetStatus := range s.SubsetStatuses {
+		if subsetStatus.Name == subset {
+			return &s.SubsetStatuses[i]
+		}
+	}
+	return nil
 }
 
 // UnitedDeploymentCondition describes current state of a UnitedDeployment.
@@ -236,7 +373,7 @@ type UnitedDeploymentCondition struct {
 	// The reason for the condition's last transition.
 	Reason string `json:"reason,omitempty"`
 
-	// A human readable message indicating details about the transition.
+	// A human-readable message indicating details about the transition.
 	Message string `json:"message,omitempty"`
 }
 
@@ -251,13 +388,73 @@ type UpdateStatus struct {
 	CurrentPartitions map[string]int32 `json:"currentPartitions,omitempty"`
 }
 
+type UnitedDeploymentSubsetStatus struct {
+	// Subset name specified in Topology.Subsets
+	Name string `json:"name,omitempty"`
+	// Records the current replicas. Currently unused.
+	Replicas int32 `json:"replicas,omitempty"`
+	// Records the current ready replicas. Currently unused.
+	ReadyReplicas int32 `json:"readyReplicas,omitempty"`
+	// Records the current partition. Currently unused.
+	Partition int32 `json:"partition,omitempty"`
+	// Records the reserved pods in the subset.
+	ReservedPods int32 `json:"reservedPods,omitempty"`
+	// Conditions is an array of current observed subset conditions.
+	Conditions []UnitedDeploymentSubsetCondition `json:"conditions,omitempty"`
+}
+
+func (s *UnitedDeploymentSubsetStatus) GetCondition(condType UnitedDeploymentSubsetConditionType) *UnitedDeploymentSubsetCondition {
+	for _, condition := range s.Conditions {
+		if condition.Type == condType {
+			return &condition
+		}
+	}
+	return nil
+}
+
+func (s *UnitedDeploymentSubsetStatus) SetCondition(condType UnitedDeploymentSubsetConditionType, status corev1.ConditionStatus, reason, message string) {
+	var currentCond *UnitedDeploymentSubsetCondition
+	for i, c := range s.Conditions {
+		if c.Type == condType {
+			currentCond = &s.Conditions[i]
+			break
+		}
+	}
+	if currentCond != nil && currentCond.Status == status && currentCond.Reason == reason {
+		return
+	}
+	if currentCond == nil {
+		s.Conditions = append(s.Conditions, UnitedDeploymentSubsetCondition{Type: condType})
+		currentCond = &s.Conditions[len(s.Conditions)-1]
+	}
+	currentCond.LastTransitionTime = metav1.Now()
+	currentCond.Status = status
+	currentCond.Reason = reason
+	currentCond.Message = message
+}
+
+type UnitedDeploymentSubsetConditionType string
+
+const (
+	// UnitedDeploymentSubsetSchedulable means new pods allocated into the subset will keep pending.
+	UnitedDeploymentSubsetSchedulable UnitedDeploymentSubsetConditionType = "Schedulable"
+)
+
+type UnitedDeploymentSubsetCondition struct {
+	Type               UnitedDeploymentSubsetConditionType `json:"type"`
+	Status             corev1.ConditionStatus              `json:"status"`
+	LastTransitionTime metav1.Time                         `json:"lastTransitionTime,omitempty"`
+	Reason             string                              `json:"reason,omitempty"`
+	Message            string                              `json:"message,omitempty"`
+}
+
 // +genclient
 // +genclient:method=GetScale,verb=get,subresource=scale,result=k8s.io/api/autoscaling/v1.Scale
 // +genclient:method=UpdateScale,verb=update,subresource=scale,input=k8s.io/api/autoscaling/v1.Scale,result=k8s.io/api/autoscaling/v1.Scale
 // +k8s:openapi-gen=true
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
-// +kubebuilder:subresource:scale:specpath=.spec.replicas,statuspath=.status.replicas,selectorpath=.status.selector
+// +kubebuilder:subresource:scale:specpath=.spec.replicas,statuspath=.status.replicas,selectorpath=.status.labelSelector
 // +kubebuilder:resource:shortName=ud
 // +kubebuilder:printcolumn:name="DESIRED",type="integer",JSONPath=".spec.replicas",description="The desired number of pods."
 // +kubebuilder:printcolumn:name="CURRENT",type="integer",JSONPath=".status.replicas",description="The number of currently all pods."

apis/apps/v1alpha1/well_know_annotations.go

@@ -0,0 +1,8 @@
+package v1alpha1
+
+const (
+	// AnnotationUsingEnhancedLiveness indicates that the enhanced liveness probe of pod is enabled.
+	AnnotationUsingEnhancedLiveness = "apps.kruise.io/using-enhanced-liveness"
+	// AnnotationUsingEnhancedLiveness indicates the backup probe (json types) of the pod native container livnessprobe configuration.
+	AnnotationNativeContainerProbeContext = "apps.kruise.io/container-probe-context"
+)

apis/apps/v1alpha1/well_known_labels.go

@@ -4,6 +4,9 @@ const (
 	// ControllerRevisionHashLabelKey is used to record the controller revision of current resource.
 	ControllerRevisionHashLabelKey = "apps.kruise.io/controller-revision-hash"
 
+	// ReservedPodLabelKey is used to mark the reserved pods.
+	ReservedPodLabelKey = "apps.kruise.io/united-deployment-reserved-pod"
+
 	// SubSetNameLabelKey is used to record the name of current subset.
 	SubSetNameLabelKey = "apps.kruise.io/subset-name"
 
@@ -15,4 +18,21 @@ const (
 
 	// ImagePreDownloadIgnoredKey indicates the images of this revision have been ignored to pre-download
 	ImagePreDownloadIgnoredKey = "apps.kruise.io/image-predownload-ignored"
+	// AnnotationSubsetPatchKey indicates the patch for every subset
+	AnnotationSubsetPatchKey = "apps.kruise.io/subset-patch"
+)
+
+// Sidecar container environment variable definitions which are used to enable SidecarTerminator to take effect on the sidecar container.
+const (
+	// KruiseTerminateSidecarEnv is an env name, which represents a switch to enable sidecar terminator.
+	// The corresponding value is "true", which means apply a crr to kill sidecar using kruise-daemon.
+	KruiseTerminateSidecarEnv = "KRUISE_TERMINATE_SIDECAR_WHEN_JOB_EXIT"
+
+	// KruiseTerminateSidecarWithImageEnv is an env name, which refers to an image that will replace the original image
+	// using in-place update strategy to kill sidecar. This image must be given if you want to use in-place update
+	// strategy to terminate sidecar containers.
+	KruiseTerminateSidecarWithImageEnv = "KRUISE_TERMINATE_SIDECAR_WHEN_JOB_EXIT_WITH_IMAGE"
+
+	// KruiseIgnoreContainerExitCodeEnv is an env name, which represents a switch to ignore the exit code of sidecar container.
+	KruiseIgnoreContainerExitCodeEnv = "KRUISE_TERMINATE_SIDECAR_IGNORE_EXIT_CODE"
 )

apis/apps/v1alpha1/workloadspread_types.go

@@ -28,8 +28,15 @@ type WorkloadSpreadSpec struct {
 	// TargetReference is the target workload that WorkloadSpread want to control.
 	TargetReference *TargetReference `json:"targetRef"`
 
+	// TargetFilter allows WorkloadSpread to manage only a portion of the Pods in the TargetReference:
+	// by specifying the criteria for the Pods to be managed through a label selector,
+	// and by specifying how to obtain the total number of these selected Pods from the workload using replicasPaths.
+	TargetFilter *TargetFilter `json:"targetFilter,omitempty"`
+
 	// Subsets describes the pods distribution details between each of subsets.
-	Subsets []WorkloadSpreadSubset `json:"subsets"`
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	Subsets []WorkloadSpreadSubset `json:"subsets" patchStrategy:"merge" patchMergeKey:"name"`
 
 	// ScheduleStrategy indicates the strategy the WorkloadSpread used to preform the schedule between each of subsets.
 	// +optional
@@ -46,6 +53,58 @@ type TargetReference struct {
 	Name string `json:"name"`
 }
 
+/*
+TargetFilter is an optional parameter that allows WorkloadSpread to manage only a subset of the Pods generated by the target workload.
+
+For example, suppose a WorkloadSpread points to the following Kubeflow TFJob resource:
+
+	```yaml
+	apiVersion: kubeflow.org/v1
+	kind: TFJob
+	spec:
+	  tfReplicaSpecs:
+		PS:
+		  replicas: 1
+		  ...
+		MASTER:
+		  replicas: 1
+		  ...
+		Worker:
+		  replicas: 2
+		  ...
+	```
+
+If you want to manage only the 2 Worker Pods that are generated, you need to configure the TargetFilter as follows:
+
+	```yaml
+	targetFilter:
+	  selector:
+		matchLabels:
+		  role: worker
+	  replicasPathList:
+		- spec.tfReplicaSpecs.Worker.replicas
+	```
+
+With this configuration, the PS Pods and Master Pods generated by the TFJob will not be managed by WorkloadSpread and will not be
+counted toward the total number of replicas.
+*/
+type TargetFilter struct {
+	// Selector is used to filter the Pods to be managed.
+	//
+	//+optional
+	Selector *metav1.LabelSelector `json:"selector,omitempty"`
+
+	// ReplicasPathList is a list of resource paths used to specify how to determine the total number of replicas of
+	// the target workload after filtering. If this list is not empty, WorkloadSpread will look for the corresponding
+	// values in the target resource according to each path, and treat the sum of these values as the total number of replicas after filtering.
+	//
+	// The replicas path is a dot-separated path, similar to "spec.replicas". If there are arrays, you can use numbers to denote indexes, like "subsets.1.replicas".
+	// The real values of these paths must be integers.
+	//
+	// +optional
+	ReplicasPathList []string `json:"replicasPathList,omitempty"`
+}
+
 // WorkloadSpreadScheduleStrategyType is a string enumeration type that enumerates
 // all possible schedule strategies for the WorkloadSpread controller.
 // +kubebuilder:validation:Enum=Adaptive;Fixed;""
@@ -110,6 +169,8 @@ type WorkloadSpreadSubset struct {
 
 	// Patch indicates patching podTemplate to the Pod.
 	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
 	Patch runtime.RawExtension `json:"patch,omitempty"`
 }
 
@@ -126,6 +187,11 @@ type WorkloadSpreadStatus struct {
 	// Contains the status of each subset. Each element in this array represents one subset
 	// +optional
 	SubsetStatuses []WorkloadSpreadSubsetStatus `json:"subsetStatuses,omitempty"`
+
+	// VersionedSubsetStatuses is to solve rolling-update problems, where the creation of new-version pod
+	// may be earlier than deletion of old-version pod. We have to calculate the pod subset distribution for
+	// each version.
+	VersionedSubsetStatuses map[string][]WorkloadSpreadSubsetStatus `json:"versionedSubsetStatuses,omitempty"`
 }
 
 type WorkloadSpreadSubsetConditionType string

apis/apps/v1beta1/statefulset_types.go

@@ -29,6 +29,39 @@ const (
 	MaxMinReadySeconds = 300
 )
 
+// VolumeClaimUpdateStrategyType defines the update strategy types for volume claims.
+// It is an enumerated type that provides two different update strategies.
+// +enum
+type VolumeClaimUpdateStrategyType string
+
+const (
+	// OnPodRollingUpdateVolumeClaimUpdateStrategyType indicates that volume claim updates are triggered when associated Pods undergo rolling updates.
+	// This strategy ensures that storage availability and integrity are maintained during the update process.
+	OnPodRollingUpdateVolumeClaimUpdateStrategyType VolumeClaimUpdateStrategyType = "OnPodRollingUpdate"
+
+	// OnPVCDeleteVolumeClaimUpdateStrategyType indicates that updates are triggered when a Persistent Volume Claim (PVC) is deleted.
+	// This strategy places full control of the update timing in the hands of the user, typically executed after ensuring data has been backed up or there are no data security concerns,
+	// allowing for storage resource management that aligns with specific user requirements and security policies.
+	OnPVCDeleteVolumeClaimUpdateStrategyType VolumeClaimUpdateStrategyType = "OnDelete"
+)
+
+// VolumeClaimStatus describes the status of a volume claim template.
+// It provides details about the compatibility and readiness of the volume claim.
+type VolumeClaimStatus struct {
+	// VolumeClaimName is the name of the volume claim.
+	// This is a unique identifier used to reference a specific volume claim.
+	VolumeClaimName string `json:"volumeClaimName"`
+	// CompatibleReplicas is the number of replicas currently compatible with the volume claim.
+	// It indicates how many replicas can function properly, being compatible with this volume claim.
+	// Compatibility is determined by whether the PVC spec storage requests are greater than or equal to the template spec storage requests
+	CompatibleReplicas int32 `json:"compatibleReplicas"`
+	// CompatibleReadyReplicas is the number of replicas that are both ready and compatible with the volume claim.
+	// It highlights that these replicas are not only compatible but also ready to be put into service immediately.
+	// Compatibility is determined by whether the pvc spec storage requests are greater than or equal to the template spec storage requests
+	// The "ready" status is determined by whether the PVC status capacity is greater than or equal to the PVC spec storage requests.
+	CompatibleReadyReplicas int32 `json:"compatibleReadyReplicas"`
+}
+
 // StatefulSetUpdateStrategy indicates the strategy that the StatefulSet
 // controller will use to perform updates. It includes any additional parameters
 // necessary to perform the update for the indicated strategy.
@@ -42,11 +75,18 @@ type StatefulSetUpdateStrategy struct {
 	RollingUpdate *RollingUpdateStatefulSetStrategy `json:"rollingUpdate,omitempty"`
 }
 
+// VolumeClaimUpdateStrategy defines the strategy for updating volume claims.
+// This structure is used to control how updates to PersistentVolumeClaims are handled during pod rolling updates or PersistentVolumeClaim deletions.
+type VolumeClaimUpdateStrategy struct {
+	// Type specifies the type of update strategy, possible values include:
+	// OnPodRollingUpdateVolumeClaimUpdateStrategyType: Apply the update strategy during pod rolling updates.
+	// OnPVCDeleteVolumeClaimUpdateStrategyType: Apply the update strategy when a PersistentVolumeClaim is deleted.
+	Type VolumeClaimUpdateStrategyType `json:"type,omitempty"`
+}
+
 // RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType.
 type RollingUpdateStatefulSetStrategy struct {
-	// Partition indicates the ordinal at which the StatefulSet should be partitioned by default.
-	// But if unorderedUpdate has been set:
-	//   - Partition indicates the number of pods with non-updated revisions when rolling update.
+	// Partition indicates the number of pods the StatefulSet should be partitioned by default.
 	//   - It means controller will update $(replicas - partition) number of pod.
 	// Default value is 0.
 	// +optional
@@ -109,6 +149,55 @@ const (
 	InPlaceOnlyPodUpdateStrategyType PodUpdateStrategyType = "InPlaceOnly"
 )
 
+// PersistentVolumeClaimRetentionPolicyType is a string enumeration of the policies that will determine
+// when volumes from the VolumeClaimTemplates will be deleted when the controlling StatefulSet is
+// deleted or scaled down.
+type PersistentVolumeClaimRetentionPolicyType string
+
+const (
+	// RetainPersistentVolumeClaimRetentionPolicyType is the default
+	// PersistentVolumeClaimRetentionPolicy and specifies that
+	// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
+	// will not be deleted.
+	RetainPersistentVolumeClaimRetentionPolicyType PersistentVolumeClaimRetentionPolicyType = "Retain"
+	// DeletePersistentVolumeClaimRetentionPolicyType specifies that
+	// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
+	// will be deleted in the scenario specified in
+	// StatefulSetPersistentVolumeClaimPolicy.
+	DeletePersistentVolumeClaimRetentionPolicyType PersistentVolumeClaimRetentionPolicyType = "Delete"
+)
+
+// StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs
+// created from the StatefulSet VolumeClaims.
+type StatefulSetPersistentVolumeClaimRetentionPolicy struct {
+	// WhenDeleted specifies what happens to PVCs created from StatefulSet
+	// VolumeClaimTemplates when the StatefulSet is deleted. The default policy
+	// of `Retain` causes PVCs to not be affected by StatefulSet deletion. The
+	// `Delete` policy causes those PVCs to be deleted.
+	WhenDeleted PersistentVolumeClaimRetentionPolicyType `json:"whenDeleted,omitempty"`
+	// WhenScaled specifies what happens to PVCs created from StatefulSet
+	// VolumeClaimTemplates when the StatefulSet is scaled down. The default
+	// policy of `Retain` causes PVCs to not be affected by a scaledown. The
+	// `Delete` policy causes the associated PVCs for any excess pods above
+	// the replica count to be deleted.
+	WhenScaled PersistentVolumeClaimRetentionPolicyType `json:"whenScaled,omitempty"`
+}
+
+// StatefulSetOrdinals describes the policy used for replica ordinal assignment
+// in this StatefulSet.
+type StatefulSetOrdinals struct {
+	// start is the number representing the first replica's index. It may be used
+	// to number replicas from an alternate index (eg: 1-indexed) over the default
+	// 0-indexed names, or to orchestrate progressive movement of replicas from
+	// one StatefulSet to another.
+	// If set, replica indices will be in the range:
+	//   [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas).
+	// If unset, defaults to 0. Replica indices will be in the range:
+	//   [0, .spec.replicas).
+	// +optional
+	Start int32 `json:"start" protobuf:"varint,1,opt,name=start"`
+}
+
 // StatefulSetSpec defines the desired state of StatefulSet
 type StatefulSetSpec struct {
 	// replicas is the desired number of replicas of the given Template.
@@ -128,6 +217,8 @@ type StatefulSetSpec struct {
 	// insufficient replicas are detected. Each pod stamped out by the StatefulSet
 	// will fulfill this Template, but have a unique identity from the rest
 	// of the StatefulSet.
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
 	Template v1.PodTemplateSpec `json:"template"`
 
 	// volumeClaimTemplates is a list of claims that pods are allowed to reference.
@@ -138,8 +229,15 @@ type StatefulSetSpec struct {
 	// any volumes in the template, with the same name.
 	// TODO: Define the behavior if a claim already exists with the same name.
 	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
+	// +kubebuilder:validation:Schemaless
 	VolumeClaimTemplates []v1.PersistentVolumeClaim `json:"volumeClaimTemplates,omitempty"`
 
+	// VolumeClaimUpdateStrategy specifies the strategy for updating VolumeClaimTemplates within a StatefulSet.
+	// This field is currently only effective if the StatefulSetAutoResizePVCGate is enabled.
+	// +optional
+	VolumeClaimUpdateStrategy VolumeClaimUpdateStrategy `json:"volumeClaimUpdateStrategy,omitempty"`
+
 	// serviceName is the name of the service that governs this StatefulSet.
 	// This service must exist before the StatefulSet, and is responsible for
 	// the network identity of the set. Pods get DNS/hostnames that follow the
@@ -176,7 +274,8 @@ type StatefulSetSpec struct {
 	//   Then controller will delete Pod-1 and create Pod-3 (existing Pods will be [0, 2, 3])
 	// - If you just want to delete Pod-1, you should set spec.reserveOrdinal to [1] and spec.replicas to 2.
 	//   Then controller will delete Pod-1 (existing Pods will be [0, 2])
-	ReserveOrdinals []int `json:"reserveOrdinals,omitempty"`
+	// You can also use ranges along with numbers, such as [1, 3-5], which is a shortcut for [1, 3, 4, 5].
+	ReserveOrdinals []intstr.IntOrString `json:"reserveOrdinals,omitempty"`
 
 	// Lifecycle defines the lifecycle hooks for Pods pre-delete, in-place update.
 	Lifecycle *appspub.Lifecycle `json:"lifecycle,omitempty"`
@@ -184,6 +283,20 @@ type StatefulSetSpec struct {
 	// scaleStrategy indicates the StatefulSetScaleStrategy that will be
 	// employed to scale Pods in the StatefulSet.
 	ScaleStrategy *StatefulSetScaleStrategy `json:"scaleStrategy,omitempty"`
+
+	// PersistentVolumeClaimRetentionPolicy describes the policy used for PVCs created from
+	// the StatefulSet VolumeClaimTemplates. This requires the
+	// StatefulSetAutoDeletePVC feature gate to be enabled, which is alpha.
+	// +optional
+	PersistentVolumeClaimRetentionPolicy *StatefulSetPersistentVolumeClaimRetentionPolicy `json:"persistentVolumeClaimRetentionPolicy,omitempty"`
+
+	// ordinals controls the numbering of replica indices in a StatefulSet. The
+	// default ordinals behavior assigns a "0" index to the first replica and
+	// increments the index by one for each additional replica requested. Using
+	// the ordinals field requires the StatefulSetStartOrdinal feature gate to be
+	// enabled, which is beta.
+	// +optional
+	Ordinals *StatefulSetOrdinals `json:"ordinals,omitempty"`
 }
 
 // StatefulSetScaleStrategy defines strategies for pods scale.
@@ -220,6 +333,13 @@ type StatefulSetStatus struct {
 	// indicated by updateRevision.
 	UpdatedReplicas int32 `json:"updatedReplicas"`
 
+	// updatedReadyReplicas is the number of updated Pods created by the StatefulSet controller that have a Ready Condition.
+	UpdatedReadyReplicas int32 `json:"updatedReadyReplicas,omitempty"`
+
+	// updatedAvailableReplicas is the number of updated Pods created by the StatefulSet controller that have a Ready condition
+	//for atleast minReadySeconds.
+	UpdatedAvailableReplicas int32 `json:"updatedAvailableReplicas,omitempty"`
+
 	// currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the
 	// sequence [0,currentReplicas).
 	CurrentRevision string `json:"currentRevision,omitempty"`
@@ -242,6 +362,12 @@ type StatefulSetStatus struct {
 
 	// LabelSelector is label selectors for query over pods that should match the replica count used by HPA.
 	LabelSelector string `json:"labelSelector,omitempty"`
+
+	// VolumeClaims represents the status of compatibility between existing PVCs
+	// and their respective templates. It tracks whether the PersistentVolumeClaims have been updated
+	// to match any changes made to the volumeClaimTemplates, ensuring synchronization
+	// between the defined templates and the actual PersistentVolumeClaims in use.
+	VolumeClaims []VolumeClaimStatus `json:"volumeClaims,omitempty"`
 }
 
 // These are valid conditions of a statefulset.

apis/apps/v1beta1/zz_generated.deepcopy.go

@@ -1,4 +1,4 @@
-// +build !ignore_autogenerated
+//go:build !ignore_autogenerated
 
 /*
 Copyright 2021 The Kruise Authors.
@@ -128,6 +128,36 @@ func (in *StatefulSetList) DeepCopyObject() runtime.Object {
 	return nil
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *StatefulSetOrdinals) DeepCopyInto(out *StatefulSetOrdinals) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulSetOrdinals.
+func (in *StatefulSetOrdinals) DeepCopy() *StatefulSetOrdinals {
+	if in == nil {
+		return nil
+	}
+	out := new(StatefulSetOrdinals)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *StatefulSetPersistentVolumeClaimRetentionPolicy) DeepCopyInto(out *StatefulSetPersistentVolumeClaimRetentionPolicy) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulSetPersistentVolumeClaimRetentionPolicy.
+func (in *StatefulSetPersistentVolumeClaimRetentionPolicy) DeepCopy() *StatefulSetPersistentVolumeClaimRetentionPolicy {
+	if in == nil {
+		return nil
+	}
+	out := new(StatefulSetPersistentVolumeClaimRetentionPolicy)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *StatefulSetScaleStrategy) DeepCopyInto(out *StatefulSetScaleStrategy) {
 	*out = *in
@@ -169,6 +199,7 @@ func (in *StatefulSetSpec) DeepCopyInto(out *StatefulSetSpec) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	out.VolumeClaimUpdateStrategy = in.VolumeClaimUpdateStrategy
 	in.UpdateStrategy.DeepCopyInto(&out.UpdateStrategy)
 	if in.RevisionHistoryLimit != nil {
 		in, out := &in.RevisionHistoryLimit, &out.RevisionHistoryLimit
@@ -177,7 +208,7 @@ func (in *StatefulSetSpec) DeepCopyInto(out *StatefulSetSpec) {
 	}
 	if in.ReserveOrdinals != nil {
 		in, out := &in.ReserveOrdinals, &out.ReserveOrdinals
-		*out = make([]int, len(*in))
+		*out = make([]intstr.IntOrString, len(*in))
 		copy(*out, *in)
 	}
 	if in.Lifecycle != nil {
@@ -190,6 +221,16 @@ func (in *StatefulSetSpec) DeepCopyInto(out *StatefulSetSpec) {
 		*out = new(StatefulSetScaleStrategy)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.PersistentVolumeClaimRetentionPolicy != nil {
+		in, out := &in.PersistentVolumeClaimRetentionPolicy, &out.PersistentVolumeClaimRetentionPolicy
+		*out = new(StatefulSetPersistentVolumeClaimRetentionPolicy)
+		**out = **in
+	}
+	if in.Ordinals != nil {
+		in, out := &in.Ordinals, &out.Ordinals
+		*out = new(StatefulSetOrdinals)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulSetSpec.
@@ -217,6 +258,11 @@ func (in *StatefulSetStatus) DeepCopyInto(out *StatefulSetStatus) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	if in.VolumeClaims != nil {
+		in, out := &in.VolumeClaims, &out.VolumeClaims
+		*out = make([]VolumeClaimStatus, len(*in))
+		copy(*out, *in)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulSetStatus.
@@ -268,3 +314,33 @@ func (in *UnorderedUpdateStrategy) DeepCopy() *UnorderedUpdateStrategy {
 	in.DeepCopyInto(out)
 	return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *VolumeClaimStatus) DeepCopyInto(out *VolumeClaimStatus) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeClaimStatus.
+func (in *VolumeClaimStatus) DeepCopy() *VolumeClaimStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(VolumeClaimStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *VolumeClaimUpdateStrategy) DeepCopyInto(out *VolumeClaimUpdateStrategy) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeClaimUpdateStrategy.
+func (in *VolumeClaimUpdateStrategy) DeepCopy() *VolumeClaimUpdateStrategy {
+	if in == nil {
+		return nil
+	}
+	out := new(VolumeClaimUpdateStrategy)
+	in.DeepCopyInto(out)
+	return out
+}

apis/policy/v1alpha1/podunavailablebudget_types.go

@@ -24,6 +24,35 @@ import (
 // EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
 
+type PubOperation string
+
+const (
+	// PubProtectOperationAnnotation indicates the pub protected Operation[DELETE,UPDATE,EVICT].
+	// if annotations[kruise.io/pub-protect-operations]=EVICT indicates the pub only protect evict pod.
+	// if the annotations do not exist, the default DELETE,EVICT,UPDATE are protected.
+	// RESIZE: Pod vertical scaling action. If it's enabled, all resize action will be protected. RESIZE
+	// is an extension of UPDATE, if RESIZE is disabled and UPDATE is enabled, any UPDATE operation will
+	// be protected only as it will definitely cause container restarts.
+	// UPDATE: Kruise will carefully differentiate whether this update will cause interruptions. When
+	// the FeatureGate InPlacePodVerticalScaling is enabled, pod inplace vertical scaling will be
+	// considered non-disruption only when allowedResources(cpu、memory) changes、restartPolicy
+	// is not restartContainer、is not static pod and QoS not changed. But if featureGate
+	// InPlacePodVerticalScaling is disabled, all resize action will be considered as disruption.
+	PubProtectOperationAnnotation = "kruise.io/pub-protect-operations"
+	// pod webhook operation
+	PubUpdateOperation PubOperation = "UPDATE"
+	PubDeleteOperation PubOperation = "DELETE"
+	PubEvictOperation  PubOperation = "EVICT"
+	PubResizeOperation PubOperation = "RESIZE"
+	// PubProtectTotalReplicasAnnotation is the target replicas.
+	// By default, PUB will get the target replicas through workload.spec.replicas. but there are some scenarios that may workload doesn't
+	// implement scale subresources or Pod doesn't have workload management. In this scenario, you can set pub.kruise.io/protect-total-replicas
+	// in pub annotations to get the target replicas to realize the same effect of protection ability.
+	PubProtectTotalReplicasAnnotation = "pub.kruise.io/protect-total-replicas"
+	// Marked the pod will not be pub-protected, solving the scenario of force pod deletion
+	PodPubNoProtectionAnnotation = "pub.kruise.io/no-protect"
+)
+
 // PodUnavailableBudgetSpec defines the desired state of PodUnavailableBudget
 type PodUnavailableBudgetSpec struct {
 	// Selector label query over pods managed by the budget

apis/policy/v1alpha1/zz_generated.deepcopy.go

@@ -1,4 +1,4 @@
-// +build !ignore_autogenerated
+//go:build !ignore_autogenerated
 
 /*
 Copyright 2021 The Kruise Authors.

charts/kruise/v0.1.0/.helmignore

@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj

charts/kruise/v0.1.0/Chart.yaml

@@ -1,17 +0,0 @@
-apiVersion: v1
-name: kruise
-description: Helm chart for all kruise-manager components
-version: 0.1.0
-appVersion: 0.1.0
-icon: http://openkruise.io/img/kruise_white.png
-keywords:
-  - kubernetes
-  - kruise
-  - workload
-  - statefulset
-  - sidecar
-  - job
-  - deployment
-home: https://openkruise.io
-sources:
-  - https://github.com/openkruise/kruise

charts/kruise/v0.1.0/README.md

@@ -1,93 +0,0 @@
-# Kruise
-
-## Install
-
-```bash
-# git clone https://github.com/openkruise/kruise
-# cd charts/kruise
-# helm install kruise ./
-```
-
-you will see follow:
-
-```
-[root@k8s-master submitted]# helm install kruise ./
-NAME:   kruise
-LAST DEPLOYED: Fri Aug 23 10:37:52 2019
-NAMESPACE: default
-STATUS: DEPLOYED
-
-RESOURCES:
-==> v1/ClusterRole
-NAME                 AGE
-kruise-manager-role  0s
-
-==> v1/ClusterRoleBinding
-NAME                        AGE
-kruise-manager-rolebinding  0s
-
-==> v1/Namespace
-NAME           STATUS  AGE
-kruise-system  Active  0s
-
-==> v1/Pod(related)
-NAME                         READY  STATUS             RESTARTS  AGE
-kruise-controller-manager-0  0/1    ContainerCreating  0         0s
-
-==> v1/Secret
-NAME                          TYPE    DATA  AGE
-kruise-webhook-server-secret  Opaque  0     0s
-
-==> v1/Service
-NAME                               TYPE       CLUSTER-IP    EXTERNAL-IP  PORT(S)  AGE
-kruise-controller-manager-service  ClusterIP  10.98.202.12  <none>       443/TCP  0s
-
-==> v1/StatefulSet
-NAME                       READY  AGE
-kruise-controller-manager  0/1    0s
-
-==> v1beta1/CustomResourceDefinition
-NAME                          AGE
-broadcastjobs.apps.kruise.io  0s
-sidecarsets.apps.kruise.io    0s
-statefulsets.apps.kruise.io   0s
-
-==> v1beta1/MutatingWebhookConfiguration
-NAME                                   AGE
-kruise-mutating-webhook-configuration  0s
-
-==> v1beta1/ValidatingWebhookConfiguration
-NAME                                     AGE
-kruise-validating-webhook-configuration  0s
-
-```
-
-## Uninstall
-
-```bash
-# helm delete kruise
-```
-
-## Configuration
-
-The following table lists the configurable parameters of the kruise chart and their default values.
-
-| Parameter                                 | Description                                                        | Default                             |
-|-------------------------------------------|--------------------------------------------------------------------|-------------------------------------|
-| `log.level`                               | Log level that kruise-manager printed                              | `4`                                 |
-| `revisionHistoryLimit`                    | Limit of revision history                                          | `3`                                 |
-| `manager.resources.limits.cpu`            | CPU resource limit of kruise-manager container                     |                                     |
-| `manager.resources.limits.memory`         | Memory resource limit of kruise-manager container                  |                                     |
-| `manager.resources.requests.cpu`          | CPU resource request of kruise-manager container                   |                                     |
-| `manager.resources.requests.memory`       | Memory resource request of kruise-manager container                |                                     |
-| `manager.metrics.addr`                    | Addr of metrics served                                             | `localhost`                         |
-| `manager.metrics.port`                    | Port of metrics served                                             | `8080`                              |
-| `spec.nodeAffinity`                       | Node affinity policy for kruise-manager pod                        | `{}`                                |
-| `spec.nodeSelector`                       | Node labels for kruise-manager pod                                 | `{}`                                |
-| `spec.tolerations`                        | Tolerations for kruise-manager pod                                 | `[]`
-
-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
-```bash
-# helm install kruise ./  --set manager.log.level=5
-```

charts/kruise/v0.1.0/templates/_helpers.tpl

@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kruise.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kruise.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kruise.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}

charts/kruise/v0.1.0/templates/apps_v1alpha1_broadcastjob.yaml

@@ -1,186 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  creationTimestamp: null
-  labels:
-    controller-tools.k8s.io: "1.0"
-  name: broadcastjobs.apps.kruise.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .status.desired
-    description: The desired number of pods. This is typically equal to the number
-      of nodes satisfied to run pods.
-    name: Desired
-    type: integer
-  - JSONPath: .status.active
-    description: The number of actively running pods.
-    name: Active
-    type: integer
-  - JSONPath: .status.succeeded
-    description: The number of pods which reached phase Succeeded.
-    name: Succeeded
-    type: integer
-  - JSONPath: .status.failed
-    description: The number of pods which reached phase Failed.
-    name: Failed
-    type: integer
-  - JSONPath: .metadata.creationTimestamp
-    description: CreationTimestamp is a timestamp representing the server time when
-      this object was created. It is not guaranteed to be set in happens-before order
-      across separate operations. Clients may not set this value. It is represented
-      in RFC3339 form and is in UTC.
-    name: AGE
-    type: date
-  group: apps.kruise.io
-  names:
-    kind: BroadcastJob
-    plural: broadcastjobs
-    shortNames:
-    - bj
-  scope: Namespaced
-  subresources:
-    status: {}
-  validation:
-    openAPIV3Schema:
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          properties:
-            completionPolicy:
-              description: CompletionPolicy indicates the completion policy of the
-                job. Default is Always CompletionPolicyType
-              properties:
-                activeDeadlineSeconds:
-                  description: ActiveDeadlineSeconds specifies the duration in seconds
-                    relative to the startTime that the job may be active before the
-                    system tries to terminate it; value must be positive integer.
-                    Only works for Always type.
-                  format: int64
-                  type: integer
-                backoffLimit:
-                  description: BackoffLimit specifies the number of retries before
-                    marking this job failed. Not setting value means no limit. Only
-                    works for Always type.
-                  format: int32
-                  type: integer
-                ttlSecondsAfterFinished:
-                  description: ttlSecondsAfterFinished limits the lifetime of a Job
-                    that has finished execution (either Complete or Failed). If this
-                    field is set, ttlSecondsAfterFinished after the Job finishes,
-                    it is eligible to be automatically deleted. When the Job is being
-                    deleted, its lifecycle guarantees (e.g. finalizers) will be honored.
-                    If this field is unset, the Job won't be automatically deleted.
-                    If this field is set to zero, the Job becomes eligible to be deleted
-                    immediately after it finishes. This field is alpha-level and is
-                    only honored by servers that enable the TTLAfterFinished feature.
-                    Only works for Always type
-                  format: int32
-                  type: integer
-                type:
-                  description: Type indicates the type of the CompletionPolicy Default
-                    is Always
-                  type: string
-              type: object
-            parallelism:
-              description: Parallelism specifies the maximum desired number of pods
-                the job should run at any given time. The actual number of pods running
-                in steady state will be less than this number when the work left to
-                do is less than max parallelism. Not setting this value means no limit.
-              format: int32
-              type: integer
-            template:
-              description: Template describes the pod that will be created when executing
-                a job.
-              type: object
-          required:
-          - template
-          - completionPolicy
-          type: object
-        status:
-          properties:
-            active:
-              description: The number of actively running pods.
-              format: int32
-              type: integer
-            completionTime:
-              description: Represents time when the job was completed. It is not guaranteed
-                to be set in happens-before order across separate operations. It is
-                represented in RFC3339 form and is in UTC.
-              format: date-time
-              type: string
-            conditions:
-              description: The latest available observations of an object's current
-                state. +patchMergeKey=type +patchStrategy=merge
-              items:
-                properties:
-                  lastProbeTime:
-                    description: Last time the condition was checked.
-                    format: date-time
-                    type: string
-                  lastTransitionTime:
-                    description: Last time the condition transit from one status to
-                      another.
-                    format: date-time
-                    type: string
-                  message:
-                    description: Human readable message indicating details about last
-                      transition.
-                    type: string
-                  reason:
-                    description: (brief) reason for the condition's last transition.
-                    type: string
-                  status:
-                    description: Status of the condition, one of True, False, Unknown.
-                    type: string
-                  type:
-                    description: Type of job condition, Complete or Failed.
-                    type: string
-                required:
-                - type
-                - status
-                type: object
-              type: array
-            desired:
-              description: The desired number of pods, this is typically equal to
-                the number of nodes satisfied to run pods.
-              format: int32
-              type: integer
-            failed:
-              description: The number of pods which reached phase Failed.
-              format: int32
-              type: integer
-            startTime:
-              description: Represents time when the job was acknowledged by the job
-                controller. It is not guaranteed to be set in happens-before order
-                across separate operations. It is represented in RFC3339 form and
-                is in UTC.
-              format: date-time
-              type: string
-            succeeded:
-              description: The number of pods which reached phase Succeeded.
-              format: int32
-              type: integer
-          required:
-          - active
-          - succeeded
-          - failed
-          - desired
-          type: object
-  version: v1alpha1
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/kruise/v0.1.0/templates/apps_v1alpha1_sidecarset.yaml

@@ -1,101 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  creationTimestamp: null
-  labels:
-    controller-tools.k8s.io: "1.0"
-  name: sidecarsets.apps.kruise.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .status.matchedPods
-    description: The number of pods matched.
-    name: MATCHED
-    type: integer
-  - JSONPath: .status.updatedPods
-    description: The number of pods matched and updated.
-    name: UPDATED
-    type: integer
-  - JSONPath: .status.readyPods
-    description: The number of pods matched and ready.
-    name: READY
-    type: integer
-  - JSONPath: .metadata.creationTimestamp
-    description: CreationTimestamp is a timestamp representing the server time when
-      this object was created. It is not guaranteed to be set in happens-before order
-      across separate operations. Clients may not set this value. It is represented
-      in RFC3339 form and is in UTC.
-    name: AGE
-    type: date
-  group: apps.kruise.io
-  names:
-    kind: SidecarSet
-    plural: sidecarsets
-  scope: Cluster
-  subresources:
-    status: {}
-  validation:
-    openAPIV3Schema:
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          properties:
-            containers:
-              description: Containers is the list of sidecar containers to be injected
-                into the selected pod
-              items:
-                type: object
-              type: array
-            paused:
-              description: Paused indicates that the sidecarset is paused and will
-                not be processed by the sidecarset controller.
-              type: boolean
-            selector:
-              description: selector is a label query over pods that should be injected
-              type: object
-          type: object
-        status:
-          properties:
-            matchedPods:
-              description: matchedPods is the number of Pods whose labels are matched
-                with this SidecarSet's selector and are created after sidecarset creates
-              format: int32
-              type: integer
-            observedGeneration:
-              description: observedGeneration is the most recent generation observed
-                for this SidecarSet. It corresponds to the SidecarSet's generation,
-                which is updated on mutation by the API Server.
-              format: int64
-              type: integer
-            readyPods:
-              description: readyPods is the number of matched Pods that have a ready
-                condition
-              format: int32
-              type: integer
-            updatedPods:
-              description: updatedPods is the number of matched Pods that are injected
-                with the latest SidecarSet's containers
-              format: int32
-              type: integer
-          required:
-          - matchedPods
-          - updatedPods
-          - readyPods
-          type: object
-  version: v1alpha1
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/kruise/v0.1.0/templates/apps_v1alpha1_statefulset.yaml

@@ -1,221 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  creationTimestamp: null
-  labels:
-    controller-tools.k8s.io: "1.0"
-  name: statefulsets.apps.kruise.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .spec.replicas
-    description: The desired number of pods.
-    name: DESIRED
-    type: integer
-  - JSONPath: .status.replicas
-    description: The number of currently all pods.
-    name: CURRENT
-    type: integer
-  - JSONPath: .status.updatedReplicas
-    description: The number of pods updated.
-    name: UPDATED
-    type: integer
-  - JSONPath: .status.readyReplicas
-    description: The number of pods ready.
-    name: READY
-    type: integer
-  - JSONPath: .metadata.creationTimestamp
-    description: CreationTimestamp is a timestamp representing the server time when
-      this object was created. It is not guaranteed to be set in happens-before order
-      across separate operations. Clients may not set this value. It is represented
-      in RFC3339 form and is in UTC.
-    name: AGE
-    type: date
-  group: apps.kruise.io
-  names:
-    kind: StatefulSet
-    plural: statefulsets
-    shortNames:
-    - sts
-  scope: Namespaced
-  subresources:
-    scale:
-      labelSelectorPath: .status.labelSelector
-      specReplicasPath: .spec.replicas
-      statusReplicasPath: .status.replicas
-    status: {}
-  validation:
-    openAPIV3Schema:
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          properties:
-            podManagementPolicy:
-              description: podManagementPolicy controls how pods are created during
-                initial scale up, when replacing pods on nodes, or when scaling down.
-                The default policy is `OrderedReady`, where pods are created in increasing
-                order (pod-0, then pod-1, etc) and the controller will wait until
-                each pod is ready before continuing. When scaling down, the pods are
-                removed in the opposite order. The alternative policy is `Parallel`
-                which will create pods in parallel to match the desired scale without
-                waiting, and on scale down will delete all pods at once.
-              type: string
-            replicas:
-              description: 'replicas is the desired number of replicas of the given
-                Template. These are replicas in the sense that they are instantiations
-                of the same Template, but individual replicas also have a consistent
-                identity. If unspecified, defaults to 1. TODO: Consider a rename of
-                this field.'
-              format: int32
-              type: integer
-            revisionHistoryLimit:
-              description: revisionHistoryLimit is the maximum number of revisions
-                that will be maintained in the StatefulSet's revision history. The
-                revision history consists of all revisions not represented by a currently
-                applied StatefulSetSpec version. The default value is 10.
-              format: int32
-              type: integer
-            selector:
-              description: 'selector is a label query over pods that should match
-                the replica count. It must match the pod template''s labels. More
-                info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
-              type: object
-            serviceName:
-              description: 'serviceName is the name of the service that governs this
-                StatefulSet. This service must exist before the StatefulSet, and is
-                responsible for the network identity of the set. Pods get DNS/hostnames
-                that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local
-                where "pod-specific-string" is managed by the StatefulSet controller.'
-              type: string
-            template:
-              description: template is the object that describes the pod that will
-                be created if insufficient replicas are detected. Each pod stamped
-                out by the StatefulSet will fulfill this Template, but have a unique
-                identity from the rest of the StatefulSet.
-              type: object
-            updateStrategy:
-              description: updateStrategy indicates the StatefulSetUpdateStrategy
-                that will be employed to update Pods in the StatefulSet when a revision
-                is made to Template.
-              properties:
-                rollingUpdate:
-                  description: RollingUpdate is used to communicate parameters when
-                    Type is RollingUpdateStatefulSetStrategyType.
-                  properties:
-                    maxUnavailable:
-                      description: 'The maximum number of pods that can be unavailable
-                        during the update. Value can be an absolute number (ex: 5)
-                        or a percentage of desired pods (ex: 10%). Absolute number
-                        is calculated from percentage by rounding down. Also, maxUnavailable
-                        can just be allowed to work with Parallel podManagementPolicy.
-                        Defaults to 1.'
-                      oneOf:
-                      - type: string
-                      - type: integer
-                    partition:
-                      description: Partition indicates the ordinal at which the StatefulSet
-                        should be partitioned. Default value is 0.
-                      format: int32
-                      type: integer
-                    paused:
-                      description: Paused indicates that the StatefulSet is paused.
-                        Default value is false
-                      type: boolean
-                    podUpdatePolicy:
-                      description: PodUpdatePolicy indicates how pods should be updated
-                        Default value is "ReCreate"
-                      type: string
-                  type: object
-                type:
-                  description: Type indicates the type of the StatefulSetUpdateStrategy.
-                    Default is RollingUpdate.
-                  type: string
-              type: object
-            volumeClaimTemplates:
-              description: 'volumeClaimTemplates is a list of claims that pods are
-                allowed to reference. The StatefulSet controller is responsible for
-                mapping network identities to claims in a way that maintains the identity
-                of a pod. Every claim in this list must have at least one matching
-                (by name) volumeMount in one container in the template. A claim in
-                this list takes precedence over any volumes in the template, with
-                the same name. TODO: Define the behavior if a claim already exists
-                with the same name.'
-              items:
-                type: object
-              type: array
-          required:
-          - selector
-          - template
-          type: object
-        status:
-          properties:
-            collisionCount:
-              description: collisionCount is the count of hash collisions for the
-                StatefulSet. The StatefulSet controller uses this field as a collision
-                avoidance mechanism when it needs to create the name for the newest
-                ControllerRevision.
-              format: int32
-              type: integer
-            conditions:
-              description: Represents the latest available observations of a statefulset's
-                current state. +patchMergeKey=type +patchStrategy=merge
-              items:
-                type: object
-              type: array
-            currentReplicas:
-              description: currentReplicas is the number of Pods created by the StatefulSet
-                controller from the StatefulSet version indicated by currentRevision.
-              format: int32
-              type: integer
-            currentRevision:
-              description: currentRevision, if not empty, indicates the version of
-                the StatefulSet used to generate Pods in the sequence [0,currentReplicas).
-              type: string
-            observedGeneration:
-              description: observedGeneration is the most recent generation observed
-                for this StatefulSet. It corresponds to the StatefulSet's generation,
-                which is updated on mutation by the API Server.
-              format: int64
-              type: integer
-            readyReplicas:
-              description: readyReplicas is the number of Pods created by the StatefulSet
-                controller that have a Ready Condition.
-              format: int32
-              type: integer
-            replicas:
-              description: replicas is the number of Pods created by the StatefulSet
-                controller.
-              format: int32
-              type: integer
-            updateRevision:
-              description: updateRevision, if not empty, indicates the version of
-                the StatefulSet used to generate Pods in the sequence [replicas-updatedReplicas,replicas)
-              type: string
-            updatedReplicas:
-              description: updatedReplicas is the number of Pods created by the StatefulSet
-                controller from the StatefulSet version indicated by updateRevision.
-              format: int32
-              type: integer
-          required:
-          - replicas
-          - readyReplicas
-          - currentReplicas
-          - updatedReplicas
-          type: object
-  version: v1alpha1
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

charts/kruise/v0.1.0/templates/manager.yaml

@@ -1,111 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  labels:
-    control-plane: controller-manager
-    controller-tools.k8s.io: "1.0"
-  name: kruise-system
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    control-plane: controller-manager
-    controller-tools.k8s.io: "1.0"
-  name: kruise-controller-manager-service
-  namespace: kruise-system
-spec:
-  ports:
-    - port: 443
-  selector:
-    control-plane: controller-manager
-    controller-tools.k8s.io: "1.0"
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  labels:
-    control-plane: controller-manager
-    controller-tools.k8s.io: "1.0"
-  name: kruise-controller-manager
-  namespace: kruise-system
-spec:
-  replicas: 1
-  serviceName: kruise-controller-manager-service
-  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
-  selector:
-    matchLabels:
-      control-plane: controller-manager
-      controller-tools.k8s.io: "1.0"
-  template:
-    metadata:
-      annotations:
-        prometheus.io/scrape: "true"
-      labels:
-        control-plane: controller-manager
-        controller-tools.k8s.io: "1.0"
-    spec:
-      containers:
-        - command:
-            - /manager
-          args:
-            - "--metrics-addr={{ .Values.manager.metrics.addr }}:{{ .Values.manager.metrics.port }}"
-            - "--logtostderr=true"
-            - "--v={{ .Values.manager.log.level }}"
-          env:
-            - name: POD_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: SECRET_NAME
-              value: kruise-webhook-server-secret
-          image: openkruise/kruise-manager:v0.1.0
-          imagePullPolicy: Always
-          name: manager
-          ports:
-            - containerPort: {{ .Values.manager.metrics.port }}
-              name: metrics
-              protocol: TCP
-            - containerPort: 9876
-              name: webhook-server
-              protocol: TCP
-          readinessProbe:
-            tcpSocket:
-              port: 9876
-          resources:
-            {{- toYaml .Values.manager.resources | nindent 12 }}
-          volumeMounts:
-            - mountPath: /tmp/cert
-              name: cert
-              readOnly: true
-      terminationGracePeriodSeconds: 10
-
-{{- if .Values.spec.nodeAffinity }}
-      affinity:
-{{- end }}
-{{- with .Values.spec.nodeAffinity }}
-        nodeAffinity:
-{{ toYaml . | indent 10 }}
-{{- end }}
-
-{{- if .Values.spec.nodeSelector }}
-      nodeSelector:
-{{ toYaml .Values.spec.nodeSelector | indent 8 }}
-{{- end }}
-
-{{- if .Values.spec.tolerations }}
-      tolerations:
-{{ toYaml .Values.spec.tolerations | indent 8 }}
-{{- end }}
-
-      volumes:
-        - name: cert
-          secret:
-            defaultMode: 420
-            secretName: kruise-webhook-server-secret
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: kruise-webhook-server-secret
-  namespace: kruise-system

charts/kruise/v0.1.0/templates/rbac_role.yaml

@@ -1,199 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  creationTimestamp: null
-  name: kruise-manager-role
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - pods/status
-  verbs:
-  - get
-  - update
-  - patch
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - broadcastjobs
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - broadcastjobs/status
-  verbs:
-  - get
-  - update
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - sidecarsets
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - sidecarsets/status
-  verbs:
-  - get
-  - update
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - pods/status
-  verbs:
-  - get
-  - update
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - persistentvolumeclaims
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - apps
-  resources:
-  - controllerrevisions
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - statefulsets
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - statefulsets/status
-  verbs:
-  - get
-  - update
-  - patch
-- apiGroups:
-  - admissionregistration.k8s.io
-  resources:
-  - mutatingwebhookconfigurations
-  - validatingwebhookconfigurations
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - services
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete

charts/kruise/v0.1.0/templates/rbac_role_binding.yaml

@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  creationTimestamp: null
-  name: kruise-manager-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: kruise-manager-role
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: kruise-system 

charts/kruise/v0.1.0/templates/webhookconfiguration.yaml

@@ -1,76 +0,0 @@
-apiVersion: admissionregistration.k8s.io/v1beta1
-kind: MutatingWebhookConfiguration
-metadata:
-  name: kruise-mutating-webhook-configuration
----
-apiVersion: admissionregistration.k8s.io/v1beta1
-kind: ValidatingWebhookConfiguration
-metadata:
-  name: kruise-validating-webhook-configuration
-webhooks:
-  - clientConfig:
-      caBundle: fake
-      service:
-        name: kruise-webhook-server-service
-        namespace: kruise-system
-        path: /validating-create-update-broadcastjob
-    failurePolicy: Fail
-    name: validating-create-update-broadcastjob.kruise.io
-    namespaceSelector:
-      matchExpressions:
-        - key: control-plane
-          operator: DoesNotExist
-    rules:
-      - apiGroups:
-          - apps.kruise.io
-        apiVersions:
-          - v1alpha1
-        operations:
-          - CREATE
-          - UPDATE
-        resources:
-          - broadcastjobs
-  - clientConfig:
-      caBundle: fake
-      service:
-        name: kruise-webhook-server-service
-        namespace: kruise-system
-        path: /validating-create-update-sidecarset
-    failurePolicy: Fail
-    name: validating-create-update-sidecarset.kruise.io
-    namespaceSelector:
-      matchExpressions:
-        - key: control-plane
-          operator: DoesNotExist
-    rules:
-      - apiGroups:
-          - apps.kruise.io
-        apiVersions:
-          - v1alpha1
-        operations:
-          - CREATE
-          - UPDATE
-        resources:
-          - sidecarsets
-  - clientConfig:
-      caBundle: fake
-      service:
-        name: kruise-webhook-server-service
-        namespace: kruise-system
-        path: /validating-create-update-statefulset
-    failurePolicy: Fail
-    name: validating-create-update-statefulset.kruise.io
-    namespaceSelector:
-      matchExpressions:
-        - key: control-plane
-          operator: DoesNotExist
-    rules:
-      - apiGroups:
-          - apps.kruise.io
-        apiVersions:
-          - v1alpha1
-        operations:
-          - CREATE
-          - UPDATE
-        resources:
-          - statefulsets

charts/kruise/v0.1.0/values.yaml

@@ -1,27 +0,0 @@
-# Default values for kruise.
-
-revisionHistoryLimit: 3
-
-spec:
-  nodeAffinity: {}
-  nodeSelector: {}
-  tolerations: []
-
-manager:
-  # settings for log print
-  log:
-    # log level for kruise-manager
-    level: "4"
-
-  # resources of kruise-manager container
-  resources:
-    limits:
-      cpu: 100m
-      memory: 100Mi
-    requests:
-      cpu: 100m
-      memory: 60Mi
-
-  metrics:
-    addr: localhost
-    port: 8080

charts/kruise/v0.10.0/.helmignore

@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj

charts/kruise/v0.10.0/Chart.yaml

@@ -1,16 +0,0 @@
-apiVersion: v1
-name: kruise
-description: Helm chart for kruise components
-version: 0.10.0
-icon: http://openkruise.io/img/kruise_white.png
-keywords:
-  - kubernetes
-  - kruise
-  - workload
-  - statefulset
-  - sidecar
-  - job
-  - deployment
-home: https://openkruise.io
-sources:
-  - https://github.com/openkruise/kruise

charts/kruise/v0.10.0/README.md

@@ -1,94 +0,0 @@
-# Kruise
-
-## Install
-
-We strongly recommend you to use Kruise with **Kubernetes version >= 1.16**.
-For these clusters, you can simply install Kruise with helm v3.1.0+:
-
-```bash
-helm install kruise https://github.com/openkruise/kruise/releases/download/v0.10.0/kruise-chart.tgz
-```
-
-> Note that installing this chart directly means it will use the default template values for the kruise-manager.
-You may have to set your specific configurations when it is deployed into a production cluster or you want to configure feature-gates.
-
-For more installation/upgrade details or older Kubernetes versions, please read [this doc](https://openkruise.io/en-us/docs/installation.html).
-
-## Uninstall
-
-```bash
-$ helm delete kruise
-release "kruise" uninstalled
-```
-
-## Configuration
-
-The following table lists the configurable parameters of the kruise chart and their default values.
-
-| Parameter                                 | Description                                                  | Default                       |
-| ----------------------------------------- | ------------------------------------------------------------ | ----------------------------- |
-| `featureGates`                            | Feature gates for Kruise, empty string means all enabled     | ``                            |
-| `installation.namespace`                  | namespace for kruise installation                            | `kruise-system`               |
-| `manager.log.level`                       | Log level that kruise-manager printed                        | `4`                           |
-| `manager.replicas`                        | Replicas of kruise-controller-manager deployment             | `2`                           |
-| `manager.image.repository`                | Repository for kruise-manager image                          | `openkruise/kruise-manager`   |
-| `manager.image.tag`                       | Tag for kruise-manager image                                 | `v0.10.0`                     |
-| `manager.resources.limits.cpu`            | CPU resource limit of kruise-manager container               | `100m`                        |
-| `manager.resources.limits.memory`         | Memory resource limit of kruise-manager container            | `256Mi`                       |
-| `manager.resources.requests.cpu`          | CPU resource request of kruise-manager container             | `100m`                        |
-| `manager.resources.requests.memory`       | Memory resource request of kruise-manager container          | `256Mi`                       |
-| `manager.metrics.port`                    | Port of metrics served                                       | `8080`                        |
-| `manager.webhook.port`                    | Port of webhook served                                       | `9443`                        |
-| `manager.nodeAffinity`                    | Node affinity policy for kruise-manager pod                  | `{}`                          |
-| `manager.nodeSelector`                    | Node labels for kruise-manager pod                           | `{}`                          |
-| `manager.tolerations`                     | Tolerations for kruise-manager pod                           | `[]`                          |
-| `daemon.log.level`                        | Log level that kruise-daemon printed                         | `4`                           |
-| `daemon.port`                             | Port of metrics and healthz that kruise-daemon served        | `10221`                       |
-| `daemon.resources.limits.cpu`             | CPU resource limit of kruise-daemon container                | `50m`                         |
-| `daemon.resources.limits.memory`          | Memory resource limit of kruise-daemon container             | `128Mi`                       |
-| `daemon.resources.requests.cpu`           | CPU resource request of kruise-daemon container              | `0`                           |
-| `daemon.resources.requests.memory`        | Memory resource request of kruise-daemon container           | `0`                           |
-| `daemon.affinity`                         | Affinity policy for kruise-daemon pod                        | `{}`                          |
-| `daemon.socketLocation`                   | Location of the container manager control socket             | `/var/run`                    |
-| `webhookConfiguration.failurePolicy.pods` | The failurePolicy for pods in mutating webhook configuration | `Ignore`                      |
-| `webhookConfiguration.timeoutSeconds`     | The timeoutSeconds for all webhook configuration             | `30`                          |
-| `crds.managed`                            | Kruise will not install CRDs with chart if this is false     | `true`                        |
-
-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
-### Optional: feature-gate
-
-Feature-gate controls some influential features in Kruise:
-
-| Name                   | Description                                                  | Default | Effect (if closed)                   |
-| ---------------------- | ------------------------------------------------------------ | ------- | --------------------------------------
-| `PodWebhook`           | Whether to open a webhook for Pod **create**                 | `true`  | SidecarSet/KruisePodReadinessGate disabled    |
-| `KruiseDaemon`         | Whether to deploy `kruise-daemon` DaemonSet                  | `true`  | ImagePulling/ContainerRecreateRequest disabled |
-| `DaemonWatchingPod`    | Should each `kruise-daemon` watch pods on the same node      | `true`  | For in-place update with same imageID or env from labels/annotations |
-| `CloneSetShortHash`    | Enables CloneSet controller only set revision hash name to pod label | `false` | CloneSet name can not be longer than 54 characters |
-| `KruisePodReadinessGate` | Enables Kruise webhook to inject 'KruisePodReady' readiness-gate to all Pods during creation | `false` | The readiness-gate will only be injected to Pods created by Kruise workloads |
-| `PreDownloadImageForInPlaceUpdate` | Enables CloneSet controller to create ImagePullJobs to pre-download images for in-place update | `false` | No image pre-download for in-place update |
-| `CloneSetPartitionRollback` | Enables CloneSet controller to rollback Pods to currentRevision when number of updateRevision pods is bigger than (replicas - partition) | `false` | CloneSet will only update Pods to updateRevision |
-| `ResourcesDeletionProtection` | Enables protection for resources deletion              | `false` | No protection for resources deletion |
-| `TemplateNoDefaults` | Whether to disable defaults injection for pod/pvc template in workloads | `false` | Should not close this feature if it has open |
-| `PodUnavailableBudgetDeleteGate` | Enables PodUnavailableBudget for pod deletion, eviction           | `false` | No protection for pod deletion, eviction |
-| `PodUnavailableBudgetUpdateGate` | Enables PodUnavailableBudget for pod.Spec update                  | `false` | No protection for in-place update |
-| `WorkloadSpread`                 | Enables WorkloadSpread to manage multi-domain and elastic deploy  | `false` | WorkloadSpread disabled |
-
-If you want to configure the feature-gate, just set the parameter when install or upgrade. Such as:
-
-```bash
-$ helm install kruise https://... --set featureGates="ResourcesDeletionProtection=true\,PreDownloadImageForInPlaceUpdate=true"
-...
-```
-
-If you want to enable all feature-gates, set the parameter as `featureGates=AllAlpha=true`.
-
-### Optional: the local image for China
-
-If you are in China and have problem to pull image from official DockerHub, you can use the registry hosted on Alibaba Cloud:
-
-```bash
-$ helm install kruise https://... --set  manager.image.repository=openkruise-registry.cn-hangzhou.cr.aliyuncs.com/openkruise/kruise-manager
-...
-```

charts/kruise/v0.10.0/templates/_helpers.tpl

@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kruise.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kruise.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kruise.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}

charts/kruise/v0.10.0/templates/apps.kruise.io_advancedcronjobs.yaml

@@ -1,177 +0,0 @@
-{{- if .Values.crds.managed }}
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.2.9
-  creationTimestamp: null
-  name: advancedcronjobs.apps.kruise.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .spec.schedule
-    description: The schedule of advanced cron job.
-    name: Schedule
-    type: string
-  - JSONPath: .status.type
-    description: Type of cron job.
-    name: Type
-    type: string
-  - JSONPath: .status.lastScheduleTime
-    description: The last time at which job was scheduled.
-    name: LastScheduleTime
-    type: date
-  - JSONPath: .metadata.creationTimestamp
-    description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-    name: AGE
-    type: date
-  group: apps.kruise.io
-  names:
-    kind: AdvancedCronJob
-    listKind: AdvancedCronJobList
-    plural: advancedcronjobs
-    shortNames:
-    - acj
-    singular: advancedcronjob
-  scope: Namespaced
-  subresources:
-    status: {}
-  validation:
-    openAPIV3Schema:
-      description: AdvancedCronJob is the Schema for the advancedcronjobs API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: AdvancedCronJobSpec defines the desired state of AdvancedCronJob
-          properties:
-            concurrencyPolicy:
-              description: 'Specifies how to treat concurrent executions of a Job. Valid values are: - "Allow" (default): allows CronJobs to run concurrently; - "Forbid": forbids concurrent runs, skipping next run if previous run hasn''t finished yet; - "Replace": cancels currently running job and replaces it with a new one'
-              enum:
-              - Allow
-              - Forbid
-              - Replace
-              type: string
-            failedJobsHistoryLimit:
-              description: The number of failed finished jobs to retain. This is a pointer to distinguish between explicit zero and not specified.
-              format: int32
-              minimum: 0
-              type: integer
-            paused:
-              description: Paused will pause the cron job.
-              type: boolean
-            schedule:
-              description: The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron.
-              minLength: 0
-              type: string
-            startingDeadlineSeconds:
-              description: Optional deadline in seconds for starting the job if it misses scheduled time for any reason.  Missed jobs executions will be counted as failed ones.
-              format: int64
-              minimum: 0
-              type: integer
-            successfulJobsHistoryLimit:
-              description: The number of successful finished jobs to retain. This is a pointer to distinguish between explicit zero and not specified.
-              format: int32
-              minimum: 0
-              type: integer
-            template:
-              description: Specifies the job that will be created when executing a CronJob.
-              properties:
-                broadcastJobTemplate:
-                  description: Specifies the broadcastjob that will be created when executing a BroadcastCronJob.
-                  properties:
-                    metadata:
-                      description: Standard object's metadata of the jobs created from this template.
-                      type: object
-                    spec:
-                      description: Specification of the desired behavior of the broadcastjob.
-                      properties:
-                        completionPolicy:
-                          description: CompletionPolicy indicates the completion policy of the job. Default is Always CompletionPolicyType
-                          properties:
-                            activeDeadlineSeconds:
-                              description: ActiveDeadlineSeconds specifies the duration in seconds relative to the startTime that the job may be active before the system tries to terminate it; value must be positive integer. Only works for Always type.
-                              format: int64
-                              type: integer
-                            ttlSecondsAfterFinished:
-                              description: ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. This field is alpha-level and is only honored by servers that enable the TTLAfterFinished feature. Only works for Always type
-                              format: int32
-                              type: integer
-                            type:
-                              description: Type indicates the type of the CompletionPolicy Default is Always
-                              type: string
-                          type: object
-                        failurePolicy:
-                          description: FailurePolicy indicates the behavior of the job, when failed pod is found.
-                          properties:
-                            restartLimit:
-                              description: RestartLimit specifies the number of retries before marking the pod failed.
-                              format: int32
-                              type: integer
-                            type:
-                              description: Type indicates the type of FailurePolicyType.
-                              type: string
-                          type: object
-                        parallelism:
-                          anyOf:
-                          - type: integer
-                          - type: string
-                          description: Parallelism specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when the work left to do is less than max parallelism. Not setting this value means no limit.
-                          x-kubernetes-int-or-string: true
-                        paused:
-                          description: Paused will pause the job.
-                          type: boolean
-                        template:
-                          description: Template describes the pod that will be created when executing a job.
-                          type: object
-                          x-kubernetes-preserve-unknown-fields: true
-                      required:
-                      - template
-                      type: object
-                  type: object
-                jobTemplate:
-                  description: Specifies the job that will be created when executing a CronJob.
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-              type: object
-          required:
-          - schedule
-          - template
-          type: object
-        status:
-          description: AdvancedCronJobStatus defines the observed state of AdvancedCronJob
-          properties:
-            active:
-              description: A list of pointers to currently running jobs.
-              items:
-                description: 'ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.  1. Ignored fields.  It includes many fields which are not generally honored.  For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.  2. Invalid usage help.  It is impossible to add specific help for individual usage.  In most embedded usages, there are particular     restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".     Those cannot be well described when embedded.  3. Inconsistent validation.  Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.  4. The fields are both imprecise and overly precise.  Kind is not a precise mapping to a URL. This can produce ambiguity     during interpretation and require a REST mapping.  In most cases, the dependency is on the group,resource tuple     and the version of the actual struct is irrelevant.  5. We cannot easily change it.  Because this type is embedded in many locations, updates to this type     will affect numerous schemas.  Don''t make new APIs embed an underspecified API type they do not control. Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .'
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-              type: array
-            lastScheduleTime:
-              description: Information when was the last time the job was successfully scheduled.
-              format: date-time
-              type: string
-            type:
-              type: string
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
-{{- end }}

charts/kruise/v0.10.0/templates/apps.kruise.io_broadcastjobs.yaml

@@ -1,174 +0,0 @@
-{{- if .Values.crds.managed }}
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.2.9
-  creationTimestamp: null
-  name: broadcastjobs.apps.kruise.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .status.desired
-    description: The desired number of pods. This is typically equal to the number of nodes satisfied to run pods.
-    name: Desired
-    type: integer
-  - JSONPath: .status.active
-    description: The number of actively running pods.
-    name: Active
-    type: integer
-  - JSONPath: .status.succeeded
-    description: The number of pods which reached phase Succeeded.
-    name: Succeeded
-    type: integer
-  - JSONPath: .status.failed
-    description: The number of pods which reached phase Failed.
-    name: Failed
-    type: integer
-  - JSONPath: .metadata.creationTimestamp
-    description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-    name: AGE
-    type: date
-  group: apps.kruise.io
-  names:
-    kind: BroadcastJob
-    listKind: BroadcastJobList
-    plural: broadcastjobs
-    shortNames:
-    - bcj
-    singular: broadcastjob
-  scope: Namespaced
-  subresources:
-    status: {}
-  validation:
-    openAPIV3Schema:
-      description: BroadcastJob is the Schema for the broadcastjobs API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: BroadcastJobSpec defines the desired state of BroadcastJob
-          properties:
-            completionPolicy:
-              description: CompletionPolicy indicates the completion policy of the job. Default is Always CompletionPolicyType
-              properties:
-                activeDeadlineSeconds:
-                  description: ActiveDeadlineSeconds specifies the duration in seconds relative to the startTime that the job may be active before the system tries to terminate it; value must be positive integer. Only works for Always type.
-                  format: int64
-                  type: integer
-                ttlSecondsAfterFinished:
-                  description: ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. This field is alpha-level and is only honored by servers that enable the TTLAfterFinished feature. Only works for Always type
-                  format: int32
-                  type: integer
-                type:
-                  description: Type indicates the type of the CompletionPolicy Default is Always
-                  type: string
-              type: object
-            failurePolicy:
-              description: FailurePolicy indicates the behavior of the job, when failed pod is found.
-              properties:
-                restartLimit:
-                  description: RestartLimit specifies the number of retries before marking the pod failed.
-                  format: int32
-                  type: integer
-                type:
-                  description: Type indicates the type of FailurePolicyType.
-                  type: string
-              type: object
-            parallelism:
-              anyOf:
-              - type: integer
-              - type: string
-              description: Parallelism specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when the work left to do is less than max parallelism. Not setting this value means no limit.
-              x-kubernetes-int-or-string: true
-            paused:
-              description: Paused will pause the job.
-              type: boolean
-            template:
-              description: Template describes the pod that will be created when executing a job.
-              type: object
-              x-kubernetes-preserve-unknown-fields: true
-          required:
-          - template
-          type: object
-        status:
-          description: BroadcastJobStatus defines the observed state of BroadcastJob
-          properties:
-            active:
-              description: The number of actively running pods.
-              format: int32
-              type: integer
-            completionTime:
-              description: Represents time when the job was completed. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC.
-              format: date-time
-              type: string
-            conditions:
-              description: The latest available observations of an object's current state.
-              items:
-                description: JobCondition describes current state of a job.
-                properties:
-                  lastProbeTime:
-                    description: Last time the condition was checked.
-                    format: date-time
-                    type: string
-                  lastTransitionTime:
-                    description: Last time the condition transit from one status to another.
-                    format: date-time
-                    type: string
-                  message:
-                    description: Human readable message indicating details about last transition.
-                    type: string
-                  reason:
-                    description: (brief) reason for the condition's last transition.
-                    type: string
-                  status:
-                    description: Status of the condition, one of True, False, Unknown.
-                    type: string
-                  type:
-                    description: Type of job condition, Complete or Failed.
-                    type: string
-                required:
-                - status
-                - type
-                type: object
-              type: array
-            desired:
-              description: The desired number of pods, this is typically equal to the number of nodes satisfied to run pods.
-              format: int32
-              type: integer
-            failed:
-              description: The number of pods which reached phase Failed.
-              format: int32
-              type: integer
-            phase:
-              description: The phase of the job.
-              type: string
-            startTime:
-              description: Represents time when the job was acknowledged by the job controller. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC.
-              format: date-time
-              type: string
-            succeeded:
-              description: The number of pods which reached phase Succeeded.
-              format: int32
-              type: integer
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
-{{- end }}

charts/kruise/v0.10.0/templates/apps.kruise.io_clonesets.yaml

@@ -1,370 +0,0 @@
-{{- if .Values.crds.managed }}
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.2.9
-  creationTimestamp: null
-  name: clonesets.apps.kruise.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .spec.replicas
-    description: The desired number of pods.
-    name: DESIRED
-    type: integer
-  - JSONPath: .status.updatedReplicas
-    description: The number of pods updated.
-    name: UPDATED
-    type: integer
-  - JSONPath: .status.updatedReadyReplicas
-    description: The number of pods updated and ready.
-    name: UPDATED_READY
-    type: integer
-  - JSONPath: .status.readyReplicas
-    description: The number of pods ready.
-    name: READY
-    type: integer
-  - JSONPath: .status.replicas
-    description: The number of currently all pods.
-    name: TOTAL
-    type: integer
-  - JSONPath: .metadata.creationTimestamp
-    description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-    name: AGE
-    type: date
-  - JSONPath: .spec.template.spec.containers[*].name
-    description: The containers of currently cloneset.
-    name: CONTAINERS
-    priority: 1
-    type: string
-  - JSONPath: .spec.template.spec.containers[*].image
-    description: The images of currently cloneset.
-    name: IMAGES
-    priority: 1
-    type: string
-  - JSONPath: .status.labelSelector
-    description: The selector of currently cloneset.
-    name: SELECTOR
-    priority: 1
-    type: string
-  group: apps.kruise.io
-  names:
-    kind: CloneSet
-    listKind: CloneSetList
-    plural: clonesets
-    shortNames:
-    - clone
-    singular: cloneset
-  scope: Namespaced
-  subresources:
-    scale:
-      labelSelectorPath: .status.labelSelector
-      specReplicasPath: .spec.replicas
-      statusReplicasPath: .status.replicas
-    status: {}
-  validation:
-    openAPIV3Schema:
-      description: CloneSet is the Schema for the clonesets API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: CloneSetSpec defines the desired state of CloneSet
-          properties:
-            lifecycle:
-              description: Lifecycle defines the lifecycle hooks for Pods pre-delete, in-place update.
-              properties:
-                inPlaceUpdate:
-                  description: InPlaceUpdate is the hook before Pod to update and after Pod has been updated.
-                  properties:
-                    finalizersHandler:
-                      items:
-                        type: string
-                      type: array
-                    labelsHandler:
-                      additionalProperties:
-                        type: string
-                      type: object
-                  type: object
-                preDelete:
-                  description: PreDelete is the hook before Pod to be deleted.
-                  properties:
-                    finalizersHandler:
-                      items:
-                        type: string
-                      type: array
-                    labelsHandler:
-                      additionalProperties:
-                        type: string
-                      type: object
-                  type: object
-              type: object
-            minReadySeconds:
-              description: Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)
-              format: int32
-              type: integer
-            replicas:
-              description: Replicas is the desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template. If unspecified, defaults to 1.
-              format: int32
-              type: integer
-            revisionHistoryLimit:
-              description: RevisionHistoryLimit is the maximum number of revisions that will be maintained in the CloneSet's revision history. The revision history consists of all revisions not represented by a currently applied CloneSetSpec version. The default value is 10.
-              format: int32
-              type: integer
-            scaleStrategy:
-              description: ScaleStrategy indicates the ScaleStrategy that will be employed to create and delete Pods in the CloneSet.
-              properties:
-                podsToDelete:
-                  description: PodsToDelete is the names of Pod should be deleted. Note that this list will be truncated for non-existing pod names.
-                  items:
-                    type: string
-                  type: array
-              type: object
-            selector:
-              description: 'Selector is a label query over pods that should match the replica count. It must match the pod template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
-              properties:
-                matchExpressions:
-                  description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                  items:
-                    description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                    properties:
-                      key:
-                        description: key is the label key that the selector applies to.
-                        type: string
-                      operator:
-                        description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                        type: string
-                      values:
-                        description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                        items:
-                          type: string
-                        type: array
-                    required:
-                    - key
-                    - operator
-                    type: object
-                  type: array
-                matchLabels:
-                  additionalProperties:
-                    type: string
-                  description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                  type: object
-              type: object
-            template:
-              description: Template describes the pods that will be created.
-              type: object
-              x-kubernetes-preserve-unknown-fields: true
-            updateStrategy:
-              description: UpdateStrategy indicates the UpdateStrategy that will be employed to update Pods in the CloneSet when a revision is made to Template.
-              properties:
-                inPlaceUpdateStrategy:
-                  description: InPlaceUpdateStrategy contains strategies for in-place update.
-                  properties:
-                    gracePeriodSeconds:
-                      description: GracePeriodSeconds is the timespan between set Pod status to not-ready and update images in Pod spec when in-place update a Pod.
-                      format: int32
-                      type: integer
-                  type: object
-                maxSurge:
-                  anyOf:
-                  - type: integer
-                  - type: string
-                  description: 'The maximum number of pods that can be scheduled above the desired replicas during update or specified delete. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up. Defaults to 0.'
-                  x-kubernetes-int-or-string: true
-                maxUnavailable:
-                  anyOf:
-                  - type: integer
-                  - type: string
-                  description: 'The maximum number of pods that can be unavailable during update or scale. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up by default. When maxSurge > 0, absolute number is calculated from percentage by rounding down. Defaults to 20%.'
-                  x-kubernetes-int-or-string: true
-                partition:
-                  anyOf:
-                  - type: integer
-                  - type: string
-                  description: 'Partition is the desired number of pods in old revisions. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up by default. It means when partition is set during pods updating, (replicas - partition value) number of pods will be updated. Default value is 0.'
-                  x-kubernetes-int-or-string: true
-                paused:
-                  description: Paused indicates that the CloneSet is paused. Default value is false
-                  type: boolean
-                priorityStrategy:
-                  description: Priorities are the rules for calculating the priority of updating pods. Each pod to be updated, will pass through these terms and get a sum of weights.
-                  properties:
-                    orderPriority:
-                      description: 'Order priority terms, pods will be sorted by the value of orderedKey. For example: ``` orderPriority: - orderedKey: key1 - orderedKey: key2 ``` First, all pods which have key1 in labels will be sorted by the value of key1. Then, the left pods which have no key1 but have key2 in labels will be sorted by the value of key2 and put behind those pods have key1.'
-                      items:
-                        description: UpdatePriorityOrder defines order priority.
-                        properties:
-                          orderedKey:
-                            description: Calculate priority by value of this key. Values of this key, will be sorted by GetInt(val). GetInt method will find the last int in value, such as getting 5 in value '5', getting 10 in value 'sts-10'.
-                            type: string
-                        required:
-                        - orderedKey
-                        type: object
-                      type: array
-                    weightPriority:
-                      description: Weight priority terms, pods will be sorted by the sum of all terms weight.
-                      items:
-                        description: UpdatePriorityWeightTerm defines weight priority.
-                        properties:
-                          matchSelector:
-                            description: MatchSelector is used to select by pod's labels.
-                            properties:
-                              matchExpressions:
-                                description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                                items:
-                                  description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                                  properties:
-                                    key:
-                                      description: key is the label key that the selector applies to.
-                                      type: string
-                                    operator:
-                                      description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                                      type: string
-                                    values:
-                                      description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                                      items:
-                                        type: string
-                                      type: array
-                                  required:
-                                  - key
-                                  - operator
-                                  type: object
-                                type: array
-                              matchLabels:
-                                additionalProperties:
-                                  type: string
-                                description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                                type: object
-                            type: object
-                          weight:
-                            description: Weight associated with matching the corresponding matchExpressions, in the range 1-100.
-                            format: int32
-                            type: integer
-                        required:
-                        - matchSelector
-                        - weight
-                        type: object
-                      type: array
-                  type: object
-                scatterStrategy:
-                  description: ScatterStrategy defines the scatter rules to make pods been scattered when update. This will avoid pods with the same key-value to be updated in one batch. - Note that pods will be scattered after priority sort. So, although priority strategy and scatter strategy can be applied together, we suggest to use either one of them. - If scatterStrategy is used, we suggest to just use one term. Otherwise, the update order can be hard to understand.
-                  items:
-                    properties:
-                      key:
-                        type: string
-                      value:
-                        type: string
-                    required:
-                    - key
-                    - value
-                    type: object
-                  type: array
-                type:
-                  description: Type indicates the type of the CloneSetUpdateStrategy. Default is ReCreate.
-                  type: string
-              type: object
-            volumeClaimTemplates:
-              description: VolumeClaimTemplates is a list of claims that pods are allowed to reference. Note that PVC will be deleted when its pod has been deleted.
-              items:
-                description: PersistentVolumeClaim is a user's request for and claim to a persistent volume
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-              type: array
-          required:
-          - selector
-          - template
-          type: object
-        status:
-          description: CloneSetStatus defines the observed state of CloneSet
-          properties:
-            availableReplicas:
-              description: AvailableReplicas is the number of Pods created by the CloneSet controller that have a Ready Condition for at least minReadySeconds.
-              format: int32
-              type: integer
-            collisionCount:
-              description: CollisionCount is the count of hash collisions for the CloneSet. The CloneSet controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.
-              format: int32
-              type: integer
-            conditions:
-              description: Conditions represents the latest available observations of a CloneSet's current state.
-              items:
-                description: CloneSetCondition describes the state of a CloneSet at a certain point.
-                properties:
-                  lastTransitionTime:
-                    description: Last time the condition transitioned from one status to another.
-                    format: date-time
-                    type: string
-                  message:
-                    description: A human readable message indicating details about the transition.
-                    type: string
-                  reason:
-                    description: The reason for the condition's last transition.
-                    type: string
-                  status:
-                    description: Status of the condition, one of True, False, Unknown.
-                    type: string
-                  type:
-                    description: Type of CloneSet condition.
-                    type: string
-                required:
-                - status
-                - type
-                type: object
-              type: array
-            currentRevision:
-              description: currentRevision, if not empty, indicates the current revision version of the CloneSet.
-              type: string
-            labelSelector:
-              description: LabelSelector is label selectors for query over pods that should match the replica count used by HPA.
-              type: string
-            observedGeneration:
-              description: ObservedGeneration is the most recent generation observed for this CloneSet. It corresponds to the CloneSet's generation, which is updated on mutation by the API Server.
-              format: int64
-              type: integer
-            readyReplicas:
-              description: ReadyReplicas is the number of Pods created by the CloneSet controller that have a Ready Condition.
-              format: int32
-              type: integer
-            replicas:
-              description: Replicas is the number of Pods created by the CloneSet controller.
-              format: int32
-              type: integer
-            updateRevision:
-              description: UpdateRevision, if not empty, indicates the latest revision of the CloneSet.
-              type: string
-            updatedReadyReplicas:
-              description: UpdatedReadyReplicas is the number of Pods created by the CloneSet controller from the CloneSet version indicated by updateRevision and have a Ready Condition.
-              format: int32
-              type: integer
-            updatedReplicas:
-              description: UpdatedReplicas is the number of Pods created by the CloneSet controller from the CloneSet version indicated by updateRevision.
-              format: int32
-              type: integer
-          required:
-          - availableReplicas
-          - readyReplicas
-          - replicas
-          - updatedReadyReplicas
-          - updatedReplicas
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
-{{- end }}

charts/kruise/v0.10.0/templates/apps.kruise.io_containerrecreaterequests.yaml

@@ -1,176 +0,0 @@
-{{- if .Values.crds.managed }}
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.2.9
-  creationTimestamp: null
-  name: containerrecreaterequests.apps.kruise.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .status.phase
-    description: Phase of this ContainerRecreateRequest.
-    name: PHASE
-    type: string
-  - JSONPath: .spec.podName
-    description: Pod name of this ContainerRecreateRequest.
-    name: POD
-    type: string
-  - JSONPath: .metadata.labels.crr\.apps\.kruise\.io/node-name
-    description: Pod name of this ContainerRecreateRequest.
-    name: NODE
-    type: string
-  - JSONPath: .metadata.creationTimestamp
-    description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-    name: AGE
-    type: date
-  group: apps.kruise.io
-  names:
-    kind: ContainerRecreateRequest
-    listKind: ContainerRecreateRequestList
-    plural: containerrecreaterequests
-    shortNames:
-    - crr
-    singular: containerrecreaterequest
-  scope: Namespaced
-  subresources:
-    status: {}
-  validation:
-    openAPIV3Schema:
-      description: ContainerRecreateRequest is the Schema for the containerrecreaterequests API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: ContainerRecreateRequestSpec defines the desired state of ContainerRecreateRequest
-          properties:
-            activeDeadlineSeconds:
-              description: ActiveDeadlineSeconds is the deadline duration of this ContainerRecreateRequest.
-              format: int64
-              type: integer
-            containers:
-              description: Containers contains the containers that need to recreate in the Pod.
-              items:
-                description: ContainerRecreateRequestContainer defines the container that need to recreate.
-                properties:
-                  name:
-                    description: Name of the container that need to recreate. It must be existing in the real pod.Spec.Containers.
-                    type: string
-                  ports:
-                    description: Ports is synced from the real container in Pod spec during this ContainerRecreateRequest creating. Populated by the system. Read-only.
-                    items:
-                      description: ContainerPort represents a network port in a single container.
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                    type: array
-                  preStop:
-                    description: PreStop is synced from the real container in Pod spec during this ContainerRecreateRequest creating. Populated by the system. Read-only.
-                    type: object
-                    x-kubernetes-preserve-unknown-fields: true
-                  statusContext:
-                    description: StatusContext is synced from the real Pod status during this ContainerRecreateRequest creating. Populated by the system. Read-only.
-                    properties:
-                      containerID:
-                        description: Container's ID in the format 'docker://<container_id>'.
-                        type: string
-                      restartCount:
-                        description: The number of times the container has been restarted, currently based on the number of dead containers that have not yet been removed. Note that this is calculated from dead containers. But those containers are subject to garbage collection. This value will get capped at 5 by GC.
-                        format: int32
-                        type: integer
-                    required:
-                    - containerID
-                    - restartCount
-                    type: object
-                required:
-                - name
-                type: object
-              type: array
-            podName:
-              description: PodName is name of the Pod that owns the recreated containers.
-              type: string
-            strategy:
-              description: Strategy defines strategies for containers recreation.
-              properties:
-                failurePolicy:
-                  description: FailurePolicy decides whether to continue if one container fails to recreate
-                  type: string
-                minStartedSeconds:
-                  description: Minimum number of seconds for which a newly created container should be started and ready without any of its container crashing, for it to be considered Succeeded. Defaults to 0 (container will be considered Succeeded as soon as it is started and ready)
-                  format: int32
-                  type: integer
-                orderedRecreate:
-                  description: OrderedRecreate indicates whether to recreate the next container only if the previous one has recreated completely.
-                  type: boolean
-                terminationGracePeriodSeconds:
-                  description: TerminationGracePeriodSeconds is the optional duration in seconds to wait the container terminating gracefully. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, we will use pod.Spec.TerminationGracePeriodSeconds as default value.
-                  format: int64
-                  type: integer
-                unreadyGracePeriodSeconds:
-                  description: UnreadyGracePeriodSeconds is the optional duration in seconds to mark Pod as not ready over this duration before executing preStop hook and stopping the container.
-                  format: int64
-                  type: integer
-              type: object
-            ttlSecondsAfterFinished:
-              description: TTLSecondsAfterFinished is the TTL duration after this ContainerRecreateRequest has completed.
-              format: int32
-              type: integer
-          required:
-          - containers
-          - podName
-          type: object
-        status:
-          description: ContainerRecreateRequestStatus defines the observed state of ContainerRecreateRequest
-          properties:
-            completionTime:
-              description: Represents time when the ContainerRecreateRequest was completed. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC.
-              format: date-time
-              type: string
-            containerRecreateStates:
-              description: ContainerRecreateStates contains the recreation states of the containers.
-              items:
-                description: ContainerRecreateRequestContainerRecreateState contains the recreation state of the container.
-                properties:
-                  message:
-                    description: A human readable message indicating details about this state.
-                    type: string
-                  name:
-                    description: Name of the container.
-                    type: string
-                  phase:
-                    description: Phase indicates the recreation phase of the container.
-                    type: string
-                required:
-                - name
-                - phase
-                type: object
-              type: array
-            message:
-              description: A human readable message indicating details about this ContainerRecreateRequest.
-              type: string
-            phase:
-              description: Phase of this ContainerRecreateRequest, e.g. Pending, Recreating, Completed
-              type: string
-          required:
-          - phase
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
-{{- end }}

charts/kruise/v0.10.0/templates/apps.kruise.io_daemonsets.yaml

@@ -1,268 +0,0 @@
-{{- if .Values.crds.managed }}
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.2.9
-  creationTimestamp: null
-  name: daemonsets.apps.kruise.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .status.desiredNumberScheduled
-    description: The desired number of pods.
-    name: DesiredNumber
-    type: integer
-  - JSONPath: .status.currentNumberScheduled
-    description: The current number of pods.
-    name: CurrentNumber
-    type: integer
-  - JSONPath: .status.updatedNumberScheduled
-    description: The updated number of pods.
-    name: UpdatedNumberScheduled
-    type: integer
-  - JSONPath: .metadata.creationTimestamp
-    description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-    name: AGE
-    type: date
-  - JSONPath: .spec.template.spec.containers[*].name
-    description: The containers of currently  daemonset.
-    name: CONTAINERS
-    priority: 1
-    type: string
-  - JSONPath: .spec.template.spec.containers[*].image
-    description: The images of currently advanced daemonset.
-    name: IMAGES
-    priority: 1
-    type: string
-  group: apps.kruise.io
-  names:
-    kind: DaemonSet
-    listKind: DaemonSetList
-    plural: daemonsets
-    shortNames:
-    - daemon
-    singular: daemonset
-  scope: Namespaced
-  subresources:
-    status: {}
-  validation:
-    openAPIV3Schema:
-      description: DaemonSet is the Schema for the daemonsets API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: DaemonSetSpec defines the desired state of DaemonSet
-          properties:
-            burstReplicas:
-              anyOf:
-              - type: integer
-              - type: string
-              description: BurstReplicas is a rate limiter for booting pods on a lot of pods. The default value is 250
-              x-kubernetes-int-or-string: true
-            minReadySeconds:
-              description: The minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).
-              format: int32
-              type: integer
-            revisionHistoryLimit:
-              description: The number of old history to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.
-              format: int32
-              type: integer
-            selector:
-              description: 'A label query over pods that are managed by the daemon set. Must match in order to be controlled. It must match the pod template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
-              properties:
-                matchExpressions:
-                  description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                  items:
-                    description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                    properties:
-                      key:
-                        description: key is the label key that the selector applies to.
-                        type: string
-                      operator:
-                        description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                        type: string
-                      values:
-                        description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                        items:
-                          type: string
-                        type: array
-                    required:
-                    - key
-                    - operator
-                    type: object
-                  type: array
-                matchLabels:
-                  additionalProperties:
-                    type: string
-                  description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                  type: object
-              type: object
-            template:
-              description: 'An object that describes the pod that will be created. The DaemonSet will create exactly one copy of this pod on every node that matches the template''s node selector (or on every node if no node selector is specified). More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template'
-              type: object
-              x-kubernetes-preserve-unknown-fields: true
-            updateStrategy:
-              description: An update strategy to replace existing DaemonSet pods with new pods.
-              properties:
-                rollingUpdate:
-                  description: Rolling update config params. Present only if type = "RollingUpdate".
-                  properties:
-                    maxSurge:
-                      anyOf:
-                      - type: integer
-                      - type: string
-                      description: 'Only when type=SurgingRollingUpdateType, it works. The maximum number of DaemonSet pods that can be scheduled above the desired number of pods during the update. Value can be an absolute number (ex: 5) or a percentage of the total number of DaemonSet pods at the start of the update (ex: 10%). The absolute number is calculated from the percentage by rounding up. This cannot be 0. The default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have 2 pods running at any given time. The update starts by starting replacements for at most 30% of those DaemonSet pods. Once the new pods are available it then stops the existing pods before proceeding onto other DaemonSet pods, thus ensuring that at most 130% of the desired final number of DaemonSet  pods are running at all times during the update.'
-                      x-kubernetes-int-or-string: true
-                    maxUnavailable:
-                      anyOf:
-                      - type: integer
-                      - type: string
-                      description: 'The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0. Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.'
-                      x-kubernetes-int-or-string: true
-                    partition:
-                      description: The number of DaemonSet pods remained to be old version. Default value is 0. Maximum value is status.DesiredNumberScheduled, which means no pod will be updated.
-                      format: int32
-                      type: integer
-                    paused:
-                      description: Indicates that the daemon set is paused and will not be processed by the daemon set controller.
-                      type: boolean
-                    rollingUpdateType:
-                      description: Type is to specify which kind of rollingUpdate.
-                      type: string
-                    selector:
-                      description: A label query over nodes that are managed by the daemon set RollingUpdate. Must match in order to be controlled. It must match the node's labels.
-                      properties:
-                        matchExpressions:
-                          description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                          items:
-                            description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                            properties:
-                              key:
-                                description: key is the label key that the selector applies to.
-                                type: string
-                              operator:
-                                description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                                type: string
-                              values:
-                                description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                                items:
-                                  type: string
-                                type: array
-                            required:
-                            - key
-                            - operator
-                            type: object
-                          type: array
-                        matchLabels:
-                          additionalProperties:
-                            type: string
-                          description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                          type: object
-                      type: object
-                  type: object
-                type:
-                  description: Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
-                  type: string
-              type: object
-          required:
-          - selector
-          - template
-          type: object
-        status:
-          description: DaemonSetStatus defines the observed state of DaemonSet
-          properties:
-            collisionCount:
-              description: Count of hash collisions for the DaemonSet. The DaemonSet controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.
-              format: int32
-              type: integer
-            conditions:
-              description: Represents the latest available observations of a DaemonSet's current state.
-              items:
-                description: DaemonSetCondition describes the state of a DaemonSet at a certain point.
-                properties:
-                  lastTransitionTime:
-                    description: Last time the condition transitioned from one status to another.
-                    format: date-time
-                    type: string
-                  message:
-                    description: A human readable message indicating details about the transition.
-                    type: string
-                  reason:
-                    description: The reason for the condition's last transition.
-                    type: string
-                  status:
-                    description: Status of the condition, one of True, False, Unknown.
-                    type: string
-                  type:
-                    description: Type of DaemonSet condition.
-                    type: string
-                required:
-                - status
-                - type
-                type: object
-              type: array
-            currentNumberScheduled:
-              description: 'The number of nodes that are running at least 1 daemon pod and are supposed to run the daemon pod. More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/'
-              format: int32
-              type: integer
-            daemonSetHash:
-              description: DaemonSetHash is the controller-revision-hash, which represents the latest version of the DaemonSet.
-              type: string
-            desiredNumberScheduled:
-              description: 'The total number of nodes that should be running the daemon pod (including nodes correctly running the daemon pod). More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/'
-              format: int32
-              type: integer
-            numberAvailable:
-              description: The number of nodes that should be running the daemon pod and have one or more of the daemon pod running and available (ready for at least spec.minReadySeconds)
-              format: int32
-              type: integer
-            numberMisscheduled:
-              description: 'The number of nodes that are running the daemon pod, but are not supposed to run the daemon pod. More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/'
-              format: int32
-              type: integer
-            numberReady:
-              description: The number of nodes that should be running the daemon pod and have one or more of the daemon pod running and ready.
-              format: int32
-              type: integer
-            numberUnavailable:
-              description: The number of nodes that should be running the daemon pod and have none of the daemon pod running and available (ready for at least spec.minReadySeconds)
-              format: int32
-              type: integer
-            observedGeneration:
-              description: The most recent generation observed by the daemon set controller.
-              format: int64
-              type: integer
-            updatedNumberScheduled:
-              description: The total number of nodes that are running updated daemon pod
-              format: int32
-              type: integer
-          required:
-          - currentNumberScheduled
-          - daemonSetHash
-          - desiredNumberScheduled
-          - numberMisscheduled
-          - numberReady
-          - updatedNumberScheduled
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
-{{- end }}

charts/kruise/v0.10.0/templates/apps.kruise.io_imagepulljobs.yaml

@@ -1,221 +0,0 @@
-{{- if .Values.crds.managed }}
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.2.9
-  creationTimestamp: null
-  name: imagepulljobs.apps.kruise.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .status.desired
-    description: Number of all nodes matched by this job
-    name: TOTAL
-    type: integer
-  - JSONPath: .status.active
-    description: Number of image pull task active
-    name: ACTIVE
-    type: integer
-  - JSONPath: .status.succeeded
-    description: Number of image pull task succeeded
-    name: SUCCEED
-    type: integer
-  - JSONPath: .status.failed
-    description: Number of image pull tasks failed
-    name: FAILED
-    type: integer
-  - JSONPath: .metadata.creationTimestamp
-    description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-    name: AGE
-    type: date
-  - JSONPath: .status.message
-    description: Summary of status when job is failed
-    name: MESSAGE
-    type: string
-  group: apps.kruise.io
-  names:
-    kind: ImagePullJob
-    listKind: ImagePullJobList
-    plural: imagepulljobs
-    singular: imagepulljob
-  scope: Namespaced
-  subresources:
-    status: {}
-  validation:
-    openAPIV3Schema:
-      description: ImagePullJob is the Schema for the imagepulljobs API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: ImagePullJobSpec defines the desired state of ImagePullJob
-          properties:
-            completionPolicy:
-              description: CompletionPolicy indicates the completion policy of the job. Default is Always CompletionPolicyType.
-              properties:
-                activeDeadlineSeconds:
-                  description: ActiveDeadlineSeconds specifies the duration in seconds relative to the startTime that the job may be active before the system tries to terminate it; value must be positive integer. Only works for Always type.
-                  format: int64
-                  type: integer
-                ttlSecondsAfterFinished:
-                  description: ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. This field is alpha-level and is only honored by servers that enable the TTLAfterFinished feature. Only works for Always type
-                  format: int32
-                  type: integer
-                type:
-                  description: Type indicates the type of the CompletionPolicy Default is Always
-                  type: string
-              type: object
-            image:
-              description: Image is the image to be pulled by the job
-              type: string
-            parallelism:
-              anyOf:
-              - type: integer
-              - type: string
-              description: Parallelism is the requested parallelism, it can be set to any non-negative value. If it is unspecified, it defaults to 1. If it is specified as 0, then the Job is effectively paused until it is increased.
-              x-kubernetes-int-or-string: true
-            podSelector:
-              description: PodSelector is a query over pods that should pull image on nodes of these pods. Mutually exclusive with Selector.
-              properties:
-                matchExpressions:
-                  description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                  items:
-                    description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                    properties:
-                      key:
-                        description: key is the label key that the selector applies to.
-                        type: string
-                      operator:
-                        description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                        type: string
-                      values:
-                        description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                        items:
-                          type: string
-                        type: array
-                    required:
-                    - key
-                    - operator
-                    type: object
-                  type: array
-                matchLabels:
-                  additionalProperties:
-                    type: string
-                  description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                  type: object
-              type: object
-            pullPolicy:
-              description: PullPolicy is an optional field to set parameters of the pulling task. If not specified, the system will use the default values.
-              properties:
-                backoffLimit:
-                  description: Specifies the number of retries before marking the pulling task failed. Defaults to 3
-                  format: int32
-                  type: integer
-                timeoutSeconds:
-                  description: Specifies the timeout of the pulling task. Defaults to 600
-                  format: int32
-                  type: integer
-              type: object
-            pullSecrets:
-              description: ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling the image. If specified, these secrets will be passed to individual puller implementations for them to use.  For example, in the case of docker, only DockerConfig type secrets are honored.
-              items:
-                type: string
-              type: array
-            selector:
-              description: Selector is a query over nodes that should match the job. nil to match all nodes.
-              properties:
-                matchExpressions:
-                  description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                  items:
-                    description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                    properties:
-                      key:
-                        description: key is the label key that the selector applies to.
-                        type: string
-                      operator:
-                        description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                        type: string
-                      values:
-                        description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                        items:
-                          type: string
-                        type: array
-                    required:
-                    - key
-                    - operator
-                    type: object
-                  type: array
-                matchLabels:
-                  additionalProperties:
-                    type: string
-                  description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                  type: object
-                names:
-                  description: Names specify a set of nodes to execute the job.
-                  items:
-                    type: string
-                  type: array
-              type: object
-          required:
-          - completionPolicy
-          - image
-          type: object
-        status:
-          description: ImagePullJobStatus defines the observed state of ImagePullJob
-          properties:
-            active:
-              description: The number of actively running pulling tasks.
-              format: int32
-              type: integer
-            completionTime:
-              description: Represents time when the job was completed. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC.
-              format: date-time
-              type: string
-            desired:
-              description: The desired number of pulling tasks, this is typically equal to the number of nodes satisfied.
-              format: int32
-              type: integer
-            failed:
-              description: The number of pulling tasks  which reached phase Failed.
-              format: int32
-              type: integer
-            failedNodes:
-              description: The nodes that failed to pull the image.
-              items:
-                type: string
-              type: array
-            message:
-              description: The text prompt for job running status.
-              type: string
-            startTime:
-              description: Represents time when the job was acknowledged by the job controller. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC.
-              format: date-time
-              type: string
-            succeeded:
-              description: The number of pulling tasks which reached phase Succeeded.
-              format: int32
-              type: integer
-          required:
-          - desired
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
-{{- end }}

charts/kruise/v0.10.0/templates/apps.kruise.io_nodeimages.yaml

@@ -1,218 +0,0 @@
-{{- if .Values.crds.managed }}
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.2.9
-  creationTimestamp: null
-  name: nodeimages.apps.kruise.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .status.desired
-    description: Number of all images on this node
-    name: DESIRED
-    type: integer
-  - JSONPath: .status.pulling
-    description: Number of image pull task active
-    name: PULLING
-    type: integer
-  - JSONPath: .status.succeeded
-    description: Number of image pull task succeeded
-    name: SUCCEED
-    type: integer
-  - JSONPath: .status.failed
-    description: Number of image pull tasks failed
-    name: FAILED
-    type: integer
-  - JSONPath: .metadata.creationTimestamp
-    description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-    name: AGE
-    type: date
-  group: apps.kruise.io
-  names:
-    kind: NodeImage
-    listKind: NodeImageList
-    plural: nodeimages
-    singular: nodeimage
-  scope: Cluster
-  subresources:
-    status: {}
-  validation:
-    openAPIV3Schema:
-      description: NodeImage is the Schema for the nodeimages API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: NodeImageSpec defines the desired state of NodeImage
-          properties:
-            images:
-              additionalProperties:
-                description: ImageSpec defines the pulling spec of an image
-                properties:
-                  pullSecrets:
-                    description: PullSecrets is an optional list of references to secrets in the same namespace to use for pulling the image. If specified, these secrets will be passed to individual puller implementations for them to use.  For example, in the case of docker, only DockerConfig type secrets are honored.
-                    items:
-                      description: ReferenceObject comprises a resource name, with a mandatory namespace, rendered as "<namespace>/<name>".
-                      properties:
-                        name:
-                          type: string
-                        namespace:
-                          type: string
-                      type: object
-                    type: array
-                  tags:
-                    description: Tags is a list of versions of this image
-                    items:
-                      description: ImageTagSpec defines the pulling spec of an image tag
-                      properties:
-                        createdAt:
-                          description: Specifies the create time of this tag
-                          format: date-time
-                          type: string
-                        ownerReferences:
-                          description: List of objects depended by this object. If this image is managed by a controller, then an entry in this list will point to this controller.
-                          items:
-                            description: 'ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.  1. Ignored fields.  It includes many fields which are not generally honored.  For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.  2. Invalid usage help.  It is impossible to add specific help for individual usage.  In most embedded usages, there are particular     restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".     Those cannot be well described when embedded.  3. Inconsistent validation.  Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.  4. The fields are both imprecise and overly precise.  Kind is not a precise mapping to a URL. This can produce ambiguity     during interpretation and require a REST mapping.  In most cases, the dependency is on the group,resource tuple     and the version of the actual struct is irrelevant.  5. We cannot easily change it.  Because this type is embedded in many locations, updates to this type     will affect numerous schemas.  Don''t make new APIs embed an underspecified API type they do not control. Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .'
-                            type: object
-                            x-kubernetes-preserve-unknown-fields: true
-                          type: array
-                        pullPolicy:
-                          description: PullPolicy is an optional field to set parameters of the pulling task. If not specified, the system will use the default values.
-                          properties:
-                            activeDeadlineSeconds:
-                              description: ActiveDeadlineSeconds specifies the duration in seconds relative to the startTime that the task may be active before the system tries to terminate it; value must be positive integer. if not specified, the system will never terminate it.
-                              format: int64
-                              type: integer
-                            backoffLimit:
-                              description: Specifies the number of retries before marking the pulling task failed. Defaults to 3
-                              format: int32
-                              type: integer
-                            timeoutSeconds:
-                              description: Specifies the timeout of the pulling task. Defaults to 600
-                              format: int32
-                              type: integer
-                            ttlSecondsAfterFinished:
-                              description: TTLSecondsAfterFinished limits the lifetime of a pulling task that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the task finishes, it is eligible to be automatically deleted. If this field is unset, the task won't be automatically deleted. If this field is set to zero, the task becomes eligible to be deleted immediately after it finishes.
-                              format: int32
-                              type: integer
-                          type: object
-                        tag:
-                          description: Specifies the image tag
-                          type: string
-                        version:
-                          description: "An opaque value that represents the internal version of this tag that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. \n Populated by the system. Read-only. Value must be treated as opaque by clients and ."
-                          format: int64
-                          type: integer
-                      required:
-                      - tag
-                      type: object
-                    type: array
-                required:
-                - tags
-                type: object
-              description: Specifies images to be pulled on this node It can not be more than 256 for each NodeImage
-              type: object
-          type: object
-        status:
-          description: NodeImageStatus defines the observed state of NodeImage
-          properties:
-            desired:
-              description: The desired number of pulling tasks, this is typically equal to the number of images in spec.
-              format: int32
-              type: integer
-            failed:
-              description: The number of pulling tasks  which reached phase Failed.
-              format: int32
-              type: integer
-            firstSyncStatus:
-              description: The first of all job has finished on this node. When a node is added to the cluster, we want to know the time when the node's image pulling is completed, and use it to trigger the operation of the upper system.
-              properties:
-                message:
-                  type: string
-                status:
-                  description: SyncStatusPhase defines the node status
-                  type: string
-                syncAt:
-                  format: date-time
-                  type: string
-              type: object
-            imageStatuses:
-              additionalProperties:
-                description: ImageStatus defines the pulling status of an image
-                properties:
-                  tags:
-                    description: Represents statuses of pulling tasks on this node
-                    items:
-                      description: ImageTagStatus defines the pulling status of an image tag
-                      properties:
-                        completionTime:
-                          description: Represents time when the pulling task was completed. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC.
-                          format: date-time
-                          type: string
-                        imageID:
-                          description: Represents the ID of this image.
-                          type: string
-                        message:
-                          description: Represents the summary informations of this node
-                          type: string
-                        phase:
-                          description: Represents the image pulling task phase.
-                          type: string
-                        progress:
-                          description: Represents the pulling progress of this tag, which is beetween 0-100. There is no guarantee of monotonic consistency, and it may be a rollback due to retry during pulling.
-                          format: int32
-                          type: integer
-                        startTime:
-                          description: Represents time when the pulling task was acknowledged by the image puller. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC.
-                          format: date-time
-                          type: string
-                        tag:
-                          description: Represents the image tag.
-                          type: string
-                        version:
-                          description: Represents the internal version of this tag that the daemon handled.
-                          format: int64
-                          type: integer
-                      required:
-                      - phase
-                      - tag
-                      type: object
-                    type: array
-                required:
-                - tags
-                type: object
-              description: all statuses of active image pulling tasks
-              type: object
-            pulling:
-              description: The number of pulling tasks which are not finished.
-              format: int32
-              type: integer
-            succeeded:
-              description: The number of pulling tasks which reached phase Succeeded.
-              format: int32
-              type: integer
-          required:
-          - desired
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
-{{- end }}

charts/kruise/v0.10.0/templates/apps.kruise.io_sidecarsets.yaml

@@ -1,287 +0,0 @@
-{{- if .Values.crds.managed }}
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.2.9
-  name: sidecarsets.apps.kruise.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .status.matchedPods
-    description: The number of pods matched.
-    name: MATCHED
-    type: integer
-  - JSONPath: .status.updatedPods
-    description: The number of pods matched and updated.
-    name: UPDATED
-    type: integer
-  - JSONPath: .status.readyPods
-    description: The number of pods matched and ready.
-    name: READY
-    type: integer
-  - JSONPath: .metadata.creationTimestamp
-    description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-    name: AGE
-    type: date
-  group: apps.kruise.io
-  names:
-    kind: SidecarSet
-    listKind: SidecarSetList
-    plural: sidecarsets
-    singular: sidecarset
-  preserveUnknownFields: false
-  scope: Cluster
-  subresources:
-    status: {}
-  validation:
-    openAPIV3Schema:
-      description: SidecarSet is the Schema for the sidecarsets API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: SidecarSetSpec defines the desired state of SidecarSet
-          properties:
-            containers:
-              description: Containers is the list of sidecar containers to be injected into the selected pod
-              items:
-                description: SidecarContainer defines the container of Sidecar
-                properties:
-                  podInjectPolicy:
-                    description: The rules that injected SidecarContainer into Pod.spec.containers, not takes effect in initContainers If BeforeAppContainer, the SidecarContainer will be injected in front of the pod.spec.containers otherwise it will be injected into the back. default BeforeAppContainerType
-                    type: string
-                  shareVolumePolicy:
-                    description: If ShareVolumePolicy is enabled, the sidecar container will share the other container's VolumeMounts in the pod(don't contains the injected sidecar container).
-                    properties:
-                      type:
-                        type: string
-                    type: object
-                  transferEnv:
-                    description: TransferEnv will transfer env info from other container SourceContainerName is pod.spec.container[x].name; EnvName is pod.spec.container[x].Env.name
-                    items:
-                      properties:
-                        envName:
-                          type: string
-                        sourceContainerName:
-                          type: string
-                      type: object
-                    type: array
-                  upgradeStrategy:
-                    description: 'sidecarContainer upgrade strategy, include: ColdUpgrade, HotUpgrade'
-                    properties:
-                      hotUpgradeEmptyImage:
-                        description: when HotUpgrade, HotUpgradeEmptyImage is used to complete the hot upgrading process HotUpgradeEmptyImage is consistent of sidecar container in Command, Args, Liveness probe, etc. but it does no actual work.
-                        type: string
-                      upgradeType:
-                        description: when sidecar container is stateless, use ColdUpgrade otherwise HotUpgrade are more HotUpgrade. examples for istio envoy container is suitable for HotUpgrade default is ColdUpgrade
-                        type: string
-                    type: object
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-              type: array
-            imagePullSecrets:
-              description: List of the names of secrets required by pulling sidecar container images
-              items:
-                description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-              type: array
-            initContainers:
-              description: Containers is the list of init containers to be injected into the selected pod We will inject those containers by their name in ascending order We only inject init containers when a new pod is created, it does not apply to any existing pod
-              items:
-                description: SidecarContainer defines the container of Sidecar
-                properties:
-                  podInjectPolicy:
-                    description: The rules that injected SidecarContainer into Pod.spec.containers, not takes effect in initContainers If BeforeAppContainer, the SidecarContainer will be injected in front of the pod.spec.containers otherwise it will be injected into the back. default BeforeAppContainerType
-                    type: string
-                  shareVolumePolicy:
-                    description: If ShareVolumePolicy is enabled, the sidecar container will share the other container's VolumeMounts in the pod(don't contains the injected sidecar container).
-                    properties:
-                      type:
-                        type: string
-                    type: object
-                  transferEnv:
-                    description: TransferEnv will transfer env info from other container SourceContainerName is pod.spec.container[x].name; EnvName is pod.spec.container[x].Env.name
-                    items:
-                      properties:
-                        envName:
-                          type: string
-                        sourceContainerName:
-                          type: string
-                      type: object
-                    type: array
-                  upgradeStrategy:
-                    description: 'sidecarContainer upgrade strategy, include: ColdUpgrade, HotUpgrade'
-                    properties:
-                      hotUpgradeEmptyImage:
-                        description: when HotUpgrade, HotUpgradeEmptyImage is used to complete the hot upgrading process HotUpgradeEmptyImage is consistent of sidecar container in Command, Args, Liveness probe, etc. but it does no actual work.
-                        type: string
-                      upgradeType:
-                        description: when sidecar container is stateless, use ColdUpgrade otherwise HotUpgrade are more HotUpgrade. examples for istio envoy container is suitable for HotUpgrade default is ColdUpgrade
-                        type: string
-                    type: object
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-              type: array
-            injectionStrategy:
-              description: InjectionStrategy describe the strategy when sidecarset is injected into pods
-              properties:
-                paused:
-                  description: Paused indicates that SidecarSet will suspend injection into Pods If Paused is true, the sidecarSet will not be injected to newly created Pods, but the injected sidecar container remains updating and running. default is false
-                  type: boolean
-              type: object
-            namespace:
-              description: Namespace sidecarSet will only match the pods in the namespace otherwise, match pods in all namespaces(in cluster)
-              type: string
-            selector:
-              description: selector is a label query over pods that should be injected
-              properties:
-                matchExpressions:
-                  description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                  items:
-                    description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                    properties:
-                      key:
-                        description: key is the label key that the selector applies to.
-                        type: string
-                      operator:
-                        description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                        type: string
-                      values:
-                        description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                        items:
-                          type: string
-                        type: array
-                    required:
-                    - key
-                    - operator
-                    type: object
-                  type: array
-                matchLabels:
-                  additionalProperties:
-                    type: string
-                  description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                  type: object
-              type: object
-            updateStrategy:
-              description: The sidecarset updateStrategy to use to replace existing pods with new ones.
-              properties:
-                maxUnavailable:
-                  anyOf:
-                  - type: integer
-                  - type: string
-                  description: 'The maximum number of SidecarSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of SidecarSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0. Default value is 1.'
-                  x-kubernetes-int-or-string: true
-                partition:
-                  anyOf:
-                  - type: integer
-                  - type: string
-                  description: Partition is the desired number of pods in old revisions. It means when partition is set during pods updating, (replicas - partition) number of pods will be updated. Default value is 0.
-                  x-kubernetes-int-or-string: true
-                paused:
-                  description: Paused indicates that the SidecarSet is paused to update the injected pods, but it don't affect the webhook inject sidecar container into the newly created pods. default is false
-                  type: boolean
-                scatterStrategy:
-                  description: ScatterStrategy defines the scatter rules to make pods been scattered when update. This will avoid pods with the same key-value to be updated in one batch. - Note that pods will be scattered after priority sort. So, although priority strategy and scatter strategy can be applied together, we suggest to use either one of them. - If scatterStrategy is used, we suggest to just use one term. Otherwise, the update order can be hard to understand.
-                  items:
-                    properties:
-                      key:
-                        type: string
-                      value:
-                        type: string
-                    required:
-                    - key
-                    - value
-                    type: object
-                  type: array
-                selector:
-                  description: If selector is not nil, this upgrade will only update the selected pods.
-                  properties:
-                    matchExpressions:
-                      description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                      items:
-                        description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                        properties:
-                          key:
-                            description: key is the label key that the selector applies to.
-                            type: string
-                          operator:
-                            description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                            type: string
-                          values:
-                            description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                            items:
-                              type: string
-                            type: array
-                        required:
-                        - key
-                        - operator
-                        type: object
-                      type: array
-                    matchLabels:
-                      additionalProperties:
-                        type: string
-                      description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                      type: object
-                  type: object
-                type:
-                  description: Type is NotUpdate, the SidecarSet don't update the injected pods, it will only inject sidecar container into the newly created pods. Type is RollingUpdate, the SidecarSet will update the injected pods to the latest version on RollingUpdate Strategy. default is RollingUpdate
-                  type: string
-              type: object
-            volumes:
-              description: List of volumes that can be mounted by sidecar containers
-              items:
-                description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-              type: array
-          type: object
-        status:
-          description: SidecarSetStatus defines the observed state of SidecarSet
-          properties:
-            matchedPods:
-              description: matchedPods is the number of Pods whose labels are matched with this SidecarSet's selector and are created after sidecarset creates
-              format: int32
-              type: integer
-            observedGeneration:
-              description: observedGeneration is the most recent generation observed for this SidecarSet. It corresponds to the SidecarSet's generation, which is updated on mutation by the API Server.
-              format: int64
-              type: integer
-            readyPods:
-              description: readyPods is the number of matched Pods that have a ready condition
-              format: int32
-              type: integer
-            updatedPods:
-              description: updatedPods is the number of matched Pods that are injected with the latest SidecarSet's containers
-              format: int32
-              type: integer
-            updatedReadyPods:
-              description: updatedReadyPods is the number of matched pods that updated and ready
-              format: int32
-              type: integer
-          required:
-          - matchedPods
-          - readyPods
-          - updatedPods
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
-{{- end }}

charts/kruise/v0.10.0/templates/apps.kruise.io_statefulsets.yaml

@@ -1,588 +0,0 @@
-{{- if .Values.crds.managed }}
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.2.9
-  name: statefulsets.apps.kruise.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .spec.replicas
-    description: The desired number of pods.
-    name: DESIRED
-    type: integer
-  - JSONPath: .status.replicas
-    description: The number of currently all pods.
-    name: CURRENT
-    type: integer
-  - JSONPath: .status.updatedReplicas
-    description: The number of pods updated.
-    name: UPDATED
-    type: integer
-  - JSONPath: .status.readyReplicas
-    description: The number of pods ready.
-    name: READY
-    type: integer
-  - JSONPath: .metadata.creationTimestamp
-    description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-    name: AGE
-    type: date
-  - JSONPath: .spec.template.spec.containers[*].name
-    description: The containers of currently advanced statefulset.
-    name: CONTAINERS
-    priority: 1
-    type: string
-  - JSONPath: .spec.template.spec.containers[*].image
-    description: The images of currently advanced statefulset.
-    name: IMAGES
-    priority: 1
-    type: string
-  conversion:
-    strategy: Webhook
-    webhookClientConfig:
-      caBundle: Cg==
-      service:
-        name: kruise-webhook-service
-        namespace: kruise-system
-        path: /convert
-  group: apps.kruise.io
-  names:
-    kind: StatefulSet
-    listKind: StatefulSetList
-    plural: statefulsets
-    shortNames:
-    - sts
-    - asts
-    singular: statefulset
-  preserveUnknownFields: false
-  scope: Namespaced
-  subresources:
-    scale:
-      labelSelectorPath: .status.labelSelector
-      specReplicasPath: .spec.replicas
-      statusReplicasPath: .status.replicas
-    status: {}
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: StatefulSet is the Schema for the statefulsets API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: StatefulSetSpec defines the desired state of StatefulSet
-            properties:
-              podManagementPolicy:
-                description: podManagementPolicy controls how pods are created during initial scale up, when replacing pods on nodes, or when scaling down. The default policy is `OrderedReady`, where pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing. When scaling down, the pods are removed in the opposite order. The alternative policy is `Parallel` which will create pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once.
-                type: string
-              replicas:
-                description: 'replicas is the desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template, but individual replicas also have a consistent identity. If unspecified, defaults to 1. TODO: Consider a rename of this field.'
-                format: int32
-                type: integer
-              revisionHistoryLimit:
-                description: revisionHistoryLimit is the maximum number of revisions that will be maintained in the StatefulSet's revision history. The revision history consists of all revisions not represented by a currently applied StatefulSetSpec version. The default value is 10.
-                format: int32
-                type: integer
-              selector:
-                description: 'selector is a label query over pods that should match the replica count. It must match the pod template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                    items:
-                      description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies to.
-                          type: string
-                        operator:
-                          description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                          type: string
-                        values:
-                          description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                          items:
-                            type: string
-                          type: array
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                    type: object
-                type: object
-              serviceName:
-                description: 'serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller.'
-                type: string
-              template:
-                description: template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet.
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-              updateStrategy:
-                description: updateStrategy indicates the StatefulSetUpdateStrategy that will be employed to update Pods in the StatefulSet when a revision is made to Template.
-                properties:
-                  rollingUpdate:
-                    description: RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.
-                    properties:
-                      inPlaceUpdateStrategy:
-                        description: InPlaceUpdateStrategy contains strategies for in-place update.
-                        properties:
-                          gracePeriodSeconds:
-                            description: GracePeriodSeconds is the timespan between set Pod status to not-ready and update images in Pod spec when in-place update a Pod.
-                            format: int32
-                            type: integer
-                        type: object
-                      maxUnavailable:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: 'The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. Also, maxUnavailable can just be allowed to work with Parallel podManagementPolicy. Defaults to 1.'
-                        x-kubernetes-int-or-string: true
-                      minReadySeconds:
-                        description: MinReadySeconds indicates how long will the pod be considered ready after it's updated. MinReadySeconds works with both OrderedReady and Parallel podManagementPolicy. It affects the pod scale up speed when the podManagementPolicy is set to be OrderedReady. Combined with MaxUnavailable, it affects the pod update speed regardless of podManagementPolicy. Default value is 0, max is 300.
-                        format: int32
-                        type: integer
-                      partition:
-                        description: 'Partition indicates the ordinal at which the StatefulSet should be partitioned by default. But if unorderedUpdate has been set:   - Partition indicates the number of pods with non-updated revisions when rolling update.   - It means controller will update $(replicas - partition) number of pod. Default value is 0.'
-                        format: int32
-                        type: integer
-                      paused:
-                        description: Paused indicates that the StatefulSet is paused. Default value is false
-                        type: boolean
-                      podUpdatePolicy:
-                        description: PodUpdatePolicy indicates how pods should be updated Default value is "ReCreate"
-                        type: string
-                      unorderedUpdate:
-                        description: UnorderedUpdate contains strategies for non-ordered update. If it is not nil, pods will be updated with non-ordered sequence. Noted that UnorderedUpdate can only be allowed to work with Parallel podManagementPolicy
-                        properties:
-                          priorityStrategy:
-                            description: Priorities are the rules for calculating the priority of updating pods. Each pod to be updated, will pass through these terms and get a sum of weights.
-                            properties:
-                              orderPriority:
-                                description: 'Order priority terms, pods will be sorted by the value of orderedKey. For example: ``` orderPriority: - orderedKey: key1 - orderedKey: key2 ``` First, all pods which have key1 in labels will be sorted by the value of key1. Then, the left pods which have no key1 but have key2 in labels will be sorted by the value of key2 and put behind those pods have key1.'
-                                items:
-                                  description: UpdatePriorityOrder defines order priority.
-                                  properties:
-                                    orderedKey:
-                                      description: Calculate priority by value of this key. Values of this key, will be sorted by GetInt(val). GetInt method will find the last int in value, such as getting 5 in value '5', getting 10 in value 'sts-10'.
-                                      type: string
-                                  required:
-                                  - orderedKey
-                                  type: object
-                                type: array
-                              weightPriority:
-                                description: Weight priority terms, pods will be sorted by the sum of all terms weight.
-                                items:
-                                  description: UpdatePriorityWeightTerm defines weight priority.
-                                  properties:
-                                    matchSelector:
-                                      description: MatchSelector is used to select by pod's labels.
-                                      properties:
-                                        matchExpressions:
-                                          description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                                          items:
-                                            description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                                            properties:
-                                              key:
-                                                description: key is the label key that the selector applies to.
-                                                type: string
-                                              operator:
-                                                description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                                                type: string
-                                              values:
-                                                description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                                                items:
-                                                  type: string
-                                                type: array
-                                            required:
-                                            - key
-                                            - operator
-                                            type: object
-                                          type: array
-                                        matchLabels:
-                                          additionalProperties:
-                                            type: string
-                                          description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                                          type: object
-                                      type: object
-                                    weight:
-                                      description: Weight associated with matching the corresponding matchExpressions, in the range 1-100.
-                                      format: int32
-                                      type: integer
-                                  required:
-                                  - matchSelector
-                                  - weight
-                                  type: object
-                                type: array
-                            type: object
-                        type: object
-                    type: object
-                  type:
-                    description: Type indicates the type of the StatefulSetUpdateStrategy. Default is RollingUpdate.
-                    type: string
-                type: object
-              volumeClaimTemplates:
-                description: 'volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) volumeMount in one container in the template. A claim in this list takes precedence over any volumes in the template, with the same name. TODO: Define the behavior if a claim already exists with the same name.'
-                items:
-                  description: PersistentVolumeClaim is a user's request for and claim to a persistent volume
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                type: array
-            required:
-            - selector
-            - template
-            type: object
-          status:
-            description: StatefulSetStatus defines the observed state of StatefulSet
-            properties:
-              availableReplicas:
-                description: AvailableReplicas is the number of Pods created by the StatefulSet controller that have been ready for minReadySeconds.
-                format: int32
-                type: integer
-              collisionCount:
-                description: collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.
-                format: int32
-                type: integer
-              conditions:
-                description: Represents the latest available observations of a statefulset's current state.
-                items:
-                  description: StatefulSetCondition describes the state of a statefulset at a certain point.
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                type: array
-              currentReplicas:
-                description: currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version indicated by currentRevision.
-                format: int32
-                type: integer
-              currentRevision:
-                description: currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence [0,currentReplicas).
-                type: string
-              labelSelector:
-                description: LabelSelector is label selectors for query over pods that should match the replica count used by HPA.
-                type: string
-              observedGeneration:
-                description: observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the StatefulSet's generation, which is updated on mutation by the API Server.
-                format: int64
-                type: integer
-              readyReplicas:
-                description: readyReplicas is the number of Pods created by the StatefulSet controller that have a Ready Condition.
-                format: int32
-                type: integer
-              replicas:
-                description: replicas is the number of Pods created by the StatefulSet controller.
-                format: int32
-                type: integer
-              updateRevision:
-                description: updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence [replicas-updatedReplicas,replicas)
-                type: string
-              updatedReplicas:
-                description: updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version indicated by updateRevision.
-                format: int32
-                type: integer
-            required:
-            - availableReplicas
-            - currentReplicas
-            - readyReplicas
-            - replicas
-            - updatedReplicas
-            type: object
-        type: object
-    served: true
-    storage: false
-  - name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: StatefulSet is the Schema for the statefulsets API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: StatefulSetSpec defines the desired state of StatefulSet
-            properties:
-              lifecycle:
-                description: Lifecycle defines the lifecycle hooks for Pods pre-delete, in-place update.
-                properties:
-                  inPlaceUpdate:
-                    description: InPlaceUpdate is the hook before Pod to update and after Pod has been updated.
-                    properties:
-                      finalizersHandler:
-                        items:
-                          type: string
-                        type: array
-                      labelsHandler:
-                        additionalProperties:
-                          type: string
-                        type: object
-                    type: object
-                  preDelete:
-                    description: PreDelete is the hook before Pod to be deleted.
-                    properties:
-                      finalizersHandler:
-                        items:
-                          type: string
-                        type: array
-                      labelsHandler:
-                        additionalProperties:
-                          type: string
-                        type: object
-                    type: object
-                type: object
-              podManagementPolicy:
-                description: podManagementPolicy controls how pods are created during initial scale up, when replacing pods on nodes, or when scaling down. The default policy is `OrderedReady`, where pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing. When scaling down, the pods are removed in the opposite order. The alternative policy is `Parallel` which will create pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once.
-                type: string
-              replicas:
-                description: 'replicas is the desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template, but individual replicas also have a consistent identity. If unspecified, defaults to 1. TODO: Consider a rename of this field.'
-                format: int32
-                type: integer
-              reserveOrdinals:
-                description: 'reserveOrdinals controls the ordinal numbers that should be reserved, and the replicas will always be the expectation number of running Pods. For a sts with replicas=3 and its Pods in [0, 1, 2]: - If you want to migrate Pod-1 and reserve this ordinal, just set spec.reserveOrdinal to [1].   Then controller will delete Pod-1 and create Pod-3 (existing Pods will be [0, 2, 3]) - If you just want to delete Pod-1, you should set spec.reserveOrdinal to [1] and spec.replicas to 2.   Then controller will delete Pod-1 (existing Pods will be [0, 2])'
-                items:
-                  type: integer
-                type: array
-              revisionHistoryLimit:
-                description: revisionHistoryLimit is the maximum number of revisions that will be maintained in the StatefulSet's revision history. The revision history consists of all revisions not represented by a currently applied StatefulSetSpec version. The default value is 10.
-                format: int32
-                type: integer
-              scaleStrategy:
-                description: scaleStrategy indicates the StatefulSetScaleStrategy that will be employed to scale Pods in the StatefulSet.
-                properties:
-                  maxUnavailable:
-                    anyOf:
-                    - type: integer
-                    - type: string
-                    description: 'The maximum number of pods that can be unavailable during scaling. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. It can just be allowed to work with Parallel podManagementPolicy.'
-                    x-kubernetes-int-or-string: true
-                type: object
-              selector:
-                description: 'selector is a label query over pods that should match the replica count. It must match the pod template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
-                properties:
-                  matchExpressions:
-                    description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                    items:
-                      description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                      properties:
-                        key:
-                          description: key is the label key that the selector applies to.
-                          type: string
-                        operator:
-                          description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                          type: string
-                        values:
-                          description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                          items:
-                            type: string
-                          type: array
-                      required:
-                      - key
-                      - operator
-                      type: object
-                    type: array
-                  matchLabels:
-                    additionalProperties:
-                      type: string
-                    description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                    type: object
-                type: object
-              serviceName:
-                description: 'serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller.'
-                type: string
-              template:
-                description: template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet.
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-              updateStrategy:
-                description: updateStrategy indicates the StatefulSetUpdateStrategy that will be employed to update Pods in the StatefulSet when a revision is made to Template.
-                properties:
-                  rollingUpdate:
-                    description: RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.
-                    properties:
-                      inPlaceUpdateStrategy:
-                        description: InPlaceUpdateStrategy contains strategies for in-place update.
-                        properties:
-                          gracePeriodSeconds:
-                            description: GracePeriodSeconds is the timespan between set Pod status to not-ready and update images in Pod spec when in-place update a Pod.
-                            format: int32
-                            type: integer
-                        type: object
-                      maxUnavailable:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: 'The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. Also, maxUnavailable can just be allowed to work with Parallel podManagementPolicy. Defaults to 1.'
-                        x-kubernetes-int-or-string: true
-                      minReadySeconds:
-                        description: MinReadySeconds indicates how long will the pod be considered ready after it's updated. MinReadySeconds works with both OrderedReady and Parallel podManagementPolicy. It affects the pod scale up speed when the podManagementPolicy is set to be OrderedReady. Combined with MaxUnavailable, it affects the pod update speed regardless of podManagementPolicy. Default value is 0, max is 300.
-                        format: int32
-                        type: integer
-                      partition:
-                        description: 'Partition indicates the ordinal at which the StatefulSet should be partitioned by default. But if unorderedUpdate has been set:   - Partition indicates the number of pods with non-updated revisions when rolling update.   - It means controller will update $(replicas - partition) number of pod. Default value is 0.'
-                        format: int32
-                        type: integer
-                      paused:
-                        description: Paused indicates that the StatefulSet is paused. Default value is false
-                        type: boolean
-                      podUpdatePolicy:
-                        description: PodUpdatePolicy indicates how pods should be updated Default value is "ReCreate"
-                        type: string
-                      unorderedUpdate:
-                        description: UnorderedUpdate contains strategies for non-ordered update. If it is not nil, pods will be updated with non-ordered sequence. Noted that UnorderedUpdate can only be allowed to work with Parallel podManagementPolicy
-                        properties:
-                          priorityStrategy:
-                            description: Priorities are the rules for calculating the priority of updating pods. Each pod to be updated, will pass through these terms and get a sum of weights.
-                            properties:
-                              orderPriority:
-                                description: 'Order priority terms, pods will be sorted by the value of orderedKey. For example: ``` orderPriority: - orderedKey: key1 - orderedKey: key2 ``` First, all pods which have key1 in labels will be sorted by the value of key1. Then, the left pods which have no key1 but have key2 in labels will be sorted by the value of key2 and put behind those pods have key1.'
-                                items:
-                                  description: UpdatePriorityOrder defines order priority.
-                                  properties:
-                                    orderedKey:
-                                      description: Calculate priority by value of this key. Values of this key, will be sorted by GetInt(val). GetInt method will find the last int in value, such as getting 5 in value '5', getting 10 in value 'sts-10'.
-                                      type: string
-                                  required:
-                                  - orderedKey
-                                  type: object
-                                type: array
-                              weightPriority:
-                                description: Weight priority terms, pods will be sorted by the sum of all terms weight.
-                                items:
-                                  description: UpdatePriorityWeightTerm defines weight priority.
-                                  properties:
-                                    matchSelector:
-                                      description: MatchSelector is used to select by pod's labels.
-                                      properties:
-                                        matchExpressions:
-                                          description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                                          items:
-                                            description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                                            properties:
-                                              key:
-                                                description: key is the label key that the selector applies to.
-                                                type: string
-                                              operator:
-                                                description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                                                type: string
-                                              values:
-                                                description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                                                items:
-                                                  type: string
-                                                type: array
-                                            required:
-                                            - key
-                                            - operator
-                                            type: object
-                                          type: array
-                                        matchLabels:
-                                          additionalProperties:
-                                            type: string
-                                          description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                                          type: object
-                                      type: object
-                                    weight:
-                                      description: Weight associated with matching the corresponding matchExpressions, in the range 1-100.
-                                      format: int32
-                                      type: integer
-                                  required:
-                                  - matchSelector
-                                  - weight
-                                  type: object
-                                type: array
-                            type: object
-                        type: object
-                    type: object
-                  type:
-                    description: Type indicates the type of the StatefulSetUpdateStrategy. Default is RollingUpdate.
-                    type: string
-                type: object
-              volumeClaimTemplates:
-                description: 'volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) volumeMount in one container in the template. A claim in this list takes precedence over any volumes in the template, with the same name. TODO: Define the behavior if a claim already exists with the same name.'
-                items:
-                  description: PersistentVolumeClaim is a user's request for and claim to a persistent volume
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                type: array
-            required:
-            - selector
-            - template
-            type: object
-          status:
-            description: StatefulSetStatus defines the observed state of StatefulSet
-            properties:
-              availableReplicas:
-                description: AvailableReplicas is the number of Pods created by the StatefulSet controller that have been ready for minReadySeconds.
-                format: int32
-                type: integer
-              collisionCount:
-                description: collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.
-                format: int32
-                type: integer
-              conditions:
-                description: Represents the latest available observations of a statefulset's current state.
-                items:
-                  description: StatefulSetCondition describes the state of a statefulset at a certain point.
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                type: array
-              currentReplicas:
-                description: currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version indicated by currentRevision.
-                format: int32
-                type: integer
-              currentRevision:
-                description: currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence [0,currentReplicas).
-                type: string
-              labelSelector:
-                description: LabelSelector is label selectors for query over pods that should match the replica count used by HPA.
-                type: string
-              observedGeneration:
-                description: observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the StatefulSet's generation, which is updated on mutation by the API Server.
-                format: int64
-                type: integer
-              readyReplicas:
-                description: readyReplicas is the number of Pods created by the StatefulSet controller that have a Ready Condition.
-                format: int32
-                type: integer
-              replicas:
-                description: replicas is the number of Pods created by the StatefulSet controller.
-                format: int32
-                type: integer
-              updateRevision:
-                description: updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence [replicas-updatedReplicas,replicas)
-                type: string
-              updatedReplicas:
-                description: updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version indicated by updateRevision.
-                format: int32
-                type: integer
-            required:
-            - availableReplicas
-            - currentReplicas
-            - readyReplicas
-            - replicas
-            - updatedReplicas
-            type: object
-        type: object
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
-{{- end }}

charts/kruise/v0.10.0/templates/apps.kruise.io_uniteddeployments.yaml

@@ -1,661 +0,0 @@
-{{- if .Values.crds.managed }}
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.2.9
-  creationTimestamp: null
-  name: uniteddeployments.apps.kruise.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .spec.replicas
-    description: The desired number of pods.
-    name: DESIRED
-    type: integer
-  - JSONPath: .status.replicas
-    description: The number of currently all pods.
-    name: CURRENT
-    type: integer
-  - JSONPath: .status.updatedReplicas
-    description: The number of pods updated.
-    name: UPDATED
-    type: integer
-  - JSONPath: .status.readyReplicas
-    description: The number of pods ready.
-    name: READY
-    type: integer
-  - JSONPath: .metadata.creationTimestamp
-    description: CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
-    name: AGE
-    type: date
-  group: apps.kruise.io
-  names:
-    kind: UnitedDeployment
-    listKind: UnitedDeploymentList
-    plural: uniteddeployments
-    shortNames:
-    - ud
-    singular: uniteddeployment
-  scope: Namespaced
-  subresources:
-    scale:
-      labelSelectorPath: .status.selector
-      specReplicasPath: .spec.replicas
-      statusReplicasPath: .status.replicas
-    status: {}
-  validation:
-    openAPIV3Schema:
-      description: UnitedDeployment is the Schema for the uniteddeployments API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: UnitedDeploymentSpec defines the desired state of UnitedDeployment.
-          properties:
-            replicas:
-              description: Replicas is the total desired replicas of all the subsets. If unspecified, defaults to 1.
-              format: int32
-              type: integer
-            revisionHistoryLimit:
-              description: Indicates the number of histories to be conserved. If unspecified, defaults to 10.
-              format: int32
-              type: integer
-            selector:
-              description: Selector is a label query over pods that should match the replica count. It must match the pod template's labels.
-              properties:
-                matchExpressions:
-                  description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                  items:
-                    description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                    properties:
-                      key:
-                        description: key is the label key that the selector applies to.
-                        type: string
-                      operator:
-                        description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                        type: string
-                      values:
-                        description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                        items:
-                          type: string
-                        type: array
-                    required:
-                    - key
-                    - operator
-                    type: object
-                  type: array
-                matchLabels:
-                  additionalProperties:
-                    type: string
-                  description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                  type: object
-              type: object
-            template:
-              description: Template describes the subset that will be created.
-              properties:
-                advancedStatefulSetTemplate:
-                  description: AdvancedStatefulSet template
-                  properties:
-                    metadata:
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                    spec:
-                      description: StatefulSetSpec defines the desired state of StatefulSet
-                      properties:
-                        podManagementPolicy:
-                          description: podManagementPolicy controls how pods are created during initial scale up, when replacing pods on nodes, or when scaling down. The default policy is `OrderedReady`, where pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing. When scaling down, the pods are removed in the opposite order. The alternative policy is `Parallel` which will create pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once.
-                          type: string
-                        replicas:
-                          description: 'replicas is the desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template, but individual replicas also have a consistent identity. If unspecified, defaults to 1. TODO: Consider a rename of this field.'
-                          format: int32
-                          type: integer
-                        revisionHistoryLimit:
-                          description: revisionHistoryLimit is the maximum number of revisions that will be maintained in the StatefulSet's revision history. The revision history consists of all revisions not represented by a currently applied StatefulSetSpec version. The default value is 10.
-                          format: int32
-                          type: integer
-                        selector:
-                          description: 'selector is a label query over pods that should match the replica count. It must match the pod template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
-                          properties:
-                            matchExpressions:
-                              description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                              items:
-                                description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                                properties:
-                                  key:
-                                    description: key is the label key that the selector applies to.
-                                    type: string
-                                  operator:
-                                    description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                                    type: string
-                                  values:
-                                    description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                - key
-                                - operator
-                                type: object
-                              type: array
-                            matchLabels:
-                              additionalProperties:
-                                type: string
-                              description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                              type: object
-                          type: object
-                        serviceName:
-                          description: 'serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller.'
-                          type: string
-                        template:
-                          description: template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet.
-                          type: object
-                          x-kubernetes-preserve-unknown-fields: true
-                        updateStrategy:
-                          description: updateStrategy indicates the StatefulSetUpdateStrategy that will be employed to update Pods in the StatefulSet when a revision is made to Template.
-                          properties:
-                            rollingUpdate:
-                              description: RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.
-                              properties:
-                                inPlaceUpdateStrategy:
-                                  description: InPlaceUpdateStrategy contains strategies for in-place update.
-                                  properties:
-                                    gracePeriodSeconds:
-                                      description: GracePeriodSeconds is the timespan between set Pod status to not-ready and update images in Pod spec when in-place update a Pod.
-                                      format: int32
-                                      type: integer
-                                  type: object
-                                maxUnavailable:
-                                  anyOf:
-                                  - type: integer
-                                  - type: string
-                                  description: 'The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. Also, maxUnavailable can just be allowed to work with Parallel podManagementPolicy. Defaults to 1.'
-                                  x-kubernetes-int-or-string: true
-                                minReadySeconds:
-                                  description: MinReadySeconds indicates how long will the pod be considered ready after it's updated. MinReadySeconds works with both OrderedReady and Parallel podManagementPolicy. It affects the pod scale up speed when the podManagementPolicy is set to be OrderedReady. Combined with MaxUnavailable, it affects the pod update speed regardless of podManagementPolicy. Default value is 0, max is 300.
-                                  format: int32
-                                  type: integer
-                                partition:
-                                  description: 'Partition indicates the ordinal at which the StatefulSet should be partitioned by default. But if unorderedUpdate has been set:   - Partition indicates the number of pods with non-updated revisions when rolling update.   - It means controller will update $(replicas - partition) number of pod. Default value is 0.'
-                                  format: int32
-                                  type: integer
-                                paused:
-                                  description: Paused indicates that the StatefulSet is paused. Default value is false
-                                  type: boolean
-                                podUpdatePolicy:
-                                  description: PodUpdatePolicy indicates how pods should be updated Default value is "ReCreate"
-                                  type: string
-                                unorderedUpdate:
-                                  description: UnorderedUpdate contains strategies for non-ordered update. If it is not nil, pods will be updated with non-ordered sequence. Noted that UnorderedUpdate can only be allowed to work with Parallel podManagementPolicy
-                                  properties:
-                                    priorityStrategy:
-                                      description: Priorities are the rules for calculating the priority of updating pods. Each pod to be updated, will pass through these terms and get a sum of weights.
-                                      properties:
-                                        orderPriority:
-                                          description: 'Order priority terms, pods will be sorted by the value of orderedKey. For example: ``` orderPriority: - orderedKey: key1 - orderedKey: key2 ``` First, all pods which have key1 in labels will be sorted by the value of key1. Then, the left pods which have no key1 but have key2 in labels will be sorted by the value of key2 and put behind those pods have key1.'
-                                          items:
-                                            description: UpdatePriorityOrder defines order priority.
-                                            properties:
-                                              orderedKey:
-                                                description: Calculate priority by value of this key. Values of this key, will be sorted by GetInt(val). GetInt method will find the last int in value, such as getting 5 in value '5', getting 10 in value 'sts-10'.
-                                                type: string
-                                            required:
-                                            - orderedKey
-                                            type: object
-                                          type: array
-                                        weightPriority:
-                                          description: Weight priority terms, pods will be sorted by the sum of all terms weight.
-                                          items:
-                                            description: UpdatePriorityWeightTerm defines weight priority.
-                                            properties:
-                                              matchSelector:
-                                                description: MatchSelector is used to select by pod's labels.
-                                                properties:
-                                                  matchExpressions:
-                                                    description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                                                    items:
-                                                      description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                                                      properties:
-                                                        key:
-                                                          description: key is the label key that the selector applies to.
-                                                          type: string
-                                                        operator:
-                                                          description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                                                          type: string
-                                                        values:
-                                                          description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                                                          items:
-                                                            type: string
-                                                          type: array
-                                                      required:
-                                                      - key
-                                                      - operator
-                                                      type: object
-                                                    type: array
-                                                  matchLabels:
-                                                    additionalProperties:
-                                                      type: string
-                                                    description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                                                    type: object
-                                                type: object
-                                              weight:
-                                                description: Weight associated with matching the corresponding matchExpressions, in the range 1-100.
-                                                format: int32
-                                                type: integer
-                                            required:
-                                            - matchSelector
-                                            - weight
-                                            type: object
-                                          type: array
-                                      type: object
-                                  type: object
-                              type: object
-                            type:
-                              description: Type indicates the type of the StatefulSetUpdateStrategy. Default is RollingUpdate.
-                              type: string
-                          type: object
-                        volumeClaimTemplates:
-                          description: 'volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) volumeMount in one container in the template. A claim in this list takes precedence over any volumes in the template, with the same name. TODO: Define the behavior if a claim already exists with the same name.'
-                          items:
-                            description: PersistentVolumeClaim is a user's request for and claim to a persistent volume
-                            type: object
-                            x-kubernetes-preserve-unknown-fields: true
-                          type: array
-                      required:
-                      - selector
-                      - template
-                      type: object
-                  required:
-                  - spec
-                  type: object
-                cloneSetTemplate:
-                  description: CloneSet template
-                  properties:
-                    metadata:
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                    spec:
-                      description: CloneSetSpec defines the desired state of CloneSet
-                      properties:
-                        lifecycle:
-                          description: Lifecycle defines the lifecycle hooks for Pods pre-delete, in-place update.
-                          properties:
-                            inPlaceUpdate:
-                              description: InPlaceUpdate is the hook before Pod to update and after Pod has been updated.
-                              properties:
-                                finalizersHandler:
-                                  items:
-                                    type: string
-                                  type: array
-                                labelsHandler:
-                                  additionalProperties:
-                                    type: string
-                                  type: object
-                              type: object
-                            preDelete:
-                              description: PreDelete is the hook before Pod to be deleted.
-                              properties:
-                                finalizersHandler:
-                                  items:
-                                    type: string
-                                  type: array
-                                labelsHandler:
-                                  additionalProperties:
-                                    type: string
-                                  type: object
-                              type: object
-                          type: object
-                        minReadySeconds:
-                          description: Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)
-                          format: int32
-                          type: integer
-                        replicas:
-                          description: Replicas is the desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template. If unspecified, defaults to 1.
-                          format: int32
-                          type: integer
-                        revisionHistoryLimit:
-                          description: RevisionHistoryLimit is the maximum number of revisions that will be maintained in the CloneSet's revision history. The revision history consists of all revisions not represented by a currently applied CloneSetSpec version. The default value is 10.
-                          format: int32
-                          type: integer
-                        scaleStrategy:
-                          description: ScaleStrategy indicates the ScaleStrategy that will be employed to create and delete Pods in the CloneSet.
-                          properties:
-                            podsToDelete:
-                              description: PodsToDelete is the names of Pod should be deleted. Note that this list will be truncated for non-existing pod names.
-                              items:
-                                type: string
-                              type: array
-                          type: object
-                        selector:
-                          description: 'Selector is a label query over pods that should match the replica count. It must match the pod template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
-                          properties:
-                            matchExpressions:
-                              description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                              items:
-                                description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                                properties:
-                                  key:
-                                    description: key is the label key that the selector applies to.
-                                    type: string
-                                  operator:
-                                    description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                                    type: string
-                                  values:
-                                    description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                                    items:
-                                      type: string
-                                    type: array
-                                required:
-                                - key
-                                - operator
-                                type: object
-                              type: array
-                            matchLabels:
-                              additionalProperties:
-                                type: string
-                              description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                              type: object
-                          type: object
-                        template:
-                          description: Template describes the pods that will be created.
-                          type: object
-                          x-kubernetes-preserve-unknown-fields: true
-                        updateStrategy:
-                          description: UpdateStrategy indicates the UpdateStrategy that will be employed to update Pods in the CloneSet when a revision is made to Template.
-                          properties:
-                            inPlaceUpdateStrategy:
-                              description: InPlaceUpdateStrategy contains strategies for in-place update.
-                              properties:
-                                gracePeriodSeconds:
-                                  description: GracePeriodSeconds is the timespan between set Pod status to not-ready and update images in Pod spec when in-place update a Pod.
-                                  format: int32
-                                  type: integer
-                              type: object
-                            maxSurge:
-                              anyOf:
-                              - type: integer
-                              - type: string
-                              description: 'The maximum number of pods that can be scheduled above the desired replicas during update or specified delete. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up. Defaults to 0.'
-                              x-kubernetes-int-or-string: true
-                            maxUnavailable:
-                              anyOf:
-                              - type: integer
-                              - type: string
-                              description: 'The maximum number of pods that can be unavailable during update or scale. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up by default. When maxSurge > 0, absolute number is calculated from percentage by rounding down. Defaults to 20%.'
-                              x-kubernetes-int-or-string: true
-                            partition:
-                              anyOf:
-                              - type: integer
-                              - type: string
-                              description: 'Partition is the desired number of pods in old revisions. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up by default. It means when partition is set during pods updating, (replicas - partition value) number of pods will be updated. Default value is 0.'
-                              x-kubernetes-int-or-string: true
-                            paused:
-                              description: Paused indicates that the CloneSet is paused. Default value is false
-                              type: boolean
-                            priorityStrategy:
-                              description: Priorities are the rules for calculating the priority of updating pods. Each pod to be updated, will pass through these terms and get a sum of weights.
-                              properties:
-                                orderPriority:
-                                  description: 'Order priority terms, pods will be sorted by the value of orderedKey. For example: ``` orderPriority: - orderedKey: key1 - orderedKey: key2 ``` First, all pods which have key1 in labels will be sorted by the value of key1. Then, the left pods which have no key1 but have key2 in labels will be sorted by the value of key2 and put behind those pods have key1.'
-                                  items:
-                                    description: UpdatePriorityOrder defines order priority.
-                                    properties:
-                                      orderedKey:
-                                        description: Calculate priority by value of this key. Values of this key, will be sorted by GetInt(val). GetInt method will find the last int in value, such as getting 5 in value '5', getting 10 in value 'sts-10'.
-                                        type: string
-                                    required:
-                                    - orderedKey
-                                    type: object
-                                  type: array
-                                weightPriority:
-                                  description: Weight priority terms, pods will be sorted by the sum of all terms weight.
-                                  items:
-                                    description: UpdatePriorityWeightTerm defines weight priority.
-                                    properties:
-                                      matchSelector:
-                                        description: MatchSelector is used to select by pod's labels.
-                                        properties:
-                                          matchExpressions:
-                                            description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                                            items:
-                                              description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                                              properties:
-                                                key:
-                                                  description: key is the label key that the selector applies to.
-                                                  type: string
-                                                operator:
-                                                  description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                                                  type: string
-                                                values:
-                                                  description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                                                  items:
-                                                    type: string
-                                                  type: array
-                                              required:
-                                              - key
-                                              - operator
-                                              type: object
-                                            type: array
-                                          matchLabels:
-                                            additionalProperties:
-                                              type: string
-                                            description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                                            type: object
-                                        type: object
-                                      weight:
-                                        description: Weight associated with matching the corresponding matchExpressions, in the range 1-100.
-                                        format: int32
-                                        type: integer
-                                    required:
-                                    - matchSelector
-                                    - weight
-                                    type: object
-                                  type: array
-                              type: object
-                            scatterStrategy:
-                              description: ScatterStrategy defines the scatter rules to make pods been scattered when update. This will avoid pods with the same key-value to be updated in one batch. - Note that pods will be scattered after priority sort. So, although priority strategy and scatter strategy can be applied together, we suggest to use either one of them. - If scatterStrategy is used, we suggest to just use one term. Otherwise, the update order can be hard to understand.
-                              items:
-                                properties:
-                                  key:
-                                    type: string
-                                  value:
-                                    type: string
-                                required:
-                                - key
-                                - value
-                                type: object
-                              type: array
-                            type:
-                              description: Type indicates the type of the CloneSetUpdateStrategy. Default is ReCreate.
-                              type: string
-                          type: object
-                        volumeClaimTemplates:
-                          description: VolumeClaimTemplates is a list of claims that pods are allowed to reference. Note that PVC will be deleted when its pod has been deleted.
-                          items:
-                            description: PersistentVolumeClaim is a user's request for and claim to a persistent volume
-                            type: object
-                            x-kubernetes-preserve-unknown-fields: true
-                          type: array
-                      required:
-                      - selector
-                      - template
-                      type: object
-                  required:
-                  - spec
-                  type: object
-                deploymentTemplate:
-                  description: Deployment template
-                  properties:
-                    metadata:
-                      type: object
-                    spec:
-                      description: DeploymentSpec is the specification of the desired behavior of the Deployment.
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                  required:
-                  - spec
-                  type: object
-                statefulSetTemplate:
-                  description: StatefulSet template
-                  properties:
-                    metadata:
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                    spec:
-                      description: A StatefulSetSpec is the specification of a StatefulSet.
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                  required:
-                  - spec
-                  type: object
-              type: object
-            topology:
-              description: Topology describes the pods distribution detail between each of subsets.
-              properties:
-                subsets:
-                  description: Contains the details of each subset. Each element in this array represents one subset which will be provisioned and managed by UnitedDeployment.
-                  items:
-                    description: Subset defines the detail of a subset.
-                    properties:
-                      name:
-                        description: Indicates subset name as a DNS_LABEL, which will be used to generate subset workload name prefix in the format '<deployment-name>-<subset-name>-'. Name should be unique between all of the subsets under one UnitedDeployment.
-                        type: string
-                      nodeSelectorTerm:
-                        description: Indicates the node selector to form the subset. Depending on the node selector, pods provisioned could be distributed across multiple groups of nodes. A subset's nodeSelectorTerm is not allowed to be updated.
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      replicas:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: Indicates the number of the pod to be created under this subset. Replicas could also be percentage like '10%', which means 10% of UnitedDeployment replicas of pods will be distributed under this subset. If nil, the number of replicas in this subset is determined by controller. Controller will try to keep all the subsets with nil replicas have average pods.
-                        x-kubernetes-int-or-string: true
-                      tolerations:
-                        description: Indicates the tolerations the pods under this subset have. A subset's tolerations is not allowed to be updated.
-                        items:
-                          description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
-                          type: object
-                          x-kubernetes-preserve-unknown-fields: true
-                        type: array
-                    required:
-                    - name
-                    type: object
-                  type: array
-              type: object
-            updateStrategy:
-              description: UpdateStrategy indicates the strategy the UnitedDeployment use to preform the update, when template is changed.
-              properties:
-                manualUpdate:
-                  description: Includes all of the parameters a Manual update strategy needs.
-                  properties:
-                    partitions:
-                      additionalProperties:
-                        format: int32
-                        type: integer
-                      description: Indicates number of subset partition.
-                      type: object
-                  type: object
-                type:
-                  description: Type of UnitedDeployment update strategy. Default is Manual.
-                  type: string
-              type: object
-          required:
-          - selector
-          type: object
-        status:
-          description: UnitedDeploymentStatus defines the observed state of UnitedDeployment.
-          properties:
-            collisionCount:
-              description: Count of hash collisions for the UnitedDeployment. The UnitedDeployment controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.
-              format: int32
-              type: integer
-            conditions:
-              description: Represents the latest available observations of a UnitedDeployment's current state.
-              items:
-                description: UnitedDeploymentCondition describes current state of a UnitedDeployment.
-                properties:
-                  lastTransitionTime:
-                    description: Last time the condition transitioned from one status to another.
-                    format: date-time
-                    type: string
-                  message:
-                    description: A human readable message indicating details about the transition.
-                    type: string
-                  reason:
-                    description: The reason for the condition's last transition.
-                    type: string
-                  status:
-                    description: Status of the condition, one of True, False, Unknown.
-                    type: string
-                  type:
-                    description: Type of in place set condition.
-                    type: string
-                type: object
-              type: array
-            currentRevision:
-              description: CurrentRevision, if not empty, indicates the current version of the UnitedDeployment.
-              type: string
-            observedGeneration:
-              description: ObservedGeneration is the most recent generation observed for this UnitedDeployment. It corresponds to the UnitedDeployment's generation, which is updated on mutation by the API Server.
-              format: int64
-              type: integer
-            readyReplicas:
-              description: The number of ready replicas.
-              format: int32
-              type: integer
-            replicas:
-              description: Replicas is the most recently observed number of replicas.
-              format: int32
-              type: integer
-            subsetReplicas:
-              additionalProperties:
-                format: int32
-                type: integer
-              description: Records the topology detail information of the replicas of each subset.
-              type: object
-            updateStatus:
-              description: Records the information of update progress.
-              properties:
-                currentPartitions:
-                  additionalProperties:
-                    format: int32
-                    type: integer
-                  description: Records the current partition.
-                  type: object
-                updatedRevision:
-                  description: Records the latest revision.
-                  type: string
-              type: object
-            updatedReadyReplicas:
-              description: The number of ready current revision replicas for this UnitedDeployment.
-              format: int32
-              type: integer
-            updatedReplicas:
-              description: The number of pods in current version.
-              format: int32
-              type: integer
-          required:
-          - currentRevision
-          - replicas
-          - updatedReplicas
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
-{{- end }}

charts/kruise/v0.10.0/templates/apps.kruise.io_workloadspreads.yaml

@@ -1,213 +0,0 @@
-{{- if .Values.crds.managed }}
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.2.9
-  creationTimestamp: null
-  name: workloadspreads.apps.kruise.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .spec.targetRef.name
-    name: WorkloadName
-    type: string
-  - JSONPath: .spec.targetRef.kind
-    name: WorkloadKind
-    type: string
-  - JSONPath: .spec.scheduleStrategy.type[?(@ == "Adaptive")]
-    description: Whether use the adaptive reschedule strategy
-    name: Adaptive
-    type: boolean
-  - JSONPath: .metadata.creationTimestamp
-    name: Age
-    type: date
-  group: apps.kruise.io
-  names:
-    kind: WorkloadSpread
-    listKind: WorkloadSpreadList
-    plural: workloadspreads
-    shortNames:
-    - ws
-    singular: workloadspread
-  scope: Namespaced
-  subresources:
-    status: {}
-  validation:
-    openAPIV3Schema:
-      description: WorkloadSpread is the Schema for the WorkloadSpread API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: WorkloadSpreadSpec defines the desired state of WorkloadSpread.
-          properties:
-            scheduleStrategy:
-              description: ScheduleStrategy indicates the strategy the WorkloadSpread used to preform the schedule between each of subsets.
-              properties:
-                adaptive:
-                  description: Adaptive is used to communicate parameters when Type is AdaptiveWorkloadSpreadScheduleStrategyType.
-                  properties:
-                    disableSimulationSchedule:
-                      description: DisableSimulationSchedule indicates whether to disable the feature of simulation schedule. Default is false. Webhook can take a simple general predicates to check whether Pod can be scheduled into this subset, but it just considers the Node resource and cannot replace scheduler to do richer predicates practically.
-                      type: boolean
-                    rescheduleCriticalSeconds:
-                      description: RescheduleCriticalSeconds indicates how long controller will reschedule a schedule failed Pod to the subset that has redundant capacity after the subset where the Pod lives. If a Pod was scheduled failed and still in a unschedulabe status over RescheduleCriticalSeconds duration, the controller will reschedule it to a suitable subset.
-                      format: int32
-                      type: integer
-                  type: object
-                type:
-                  description: Type indicates the type of the WorkloadSpreadScheduleStrategy. Default is Fixed
-                  enum:
-                  - Adaptive
-                  - Fixed
-                  - ""
-                  type: string
-              type: object
-            subsets:
-              description: Subsets describes the pods distribution details between each of subsets.
-              items:
-                description: WorkloadSpreadSubset defines the details of a subset.
-                properties:
-                  maxReplicas:
-                    anyOf:
-                    - type: integer
-                    - type: string
-                    description: MaxReplicas indicates the desired max replicas of this subset.
-                    x-kubernetes-int-or-string: true
-                  name:
-                    description: Name should be unique between all of the subsets under one WorkloadSpread.
-                    type: string
-                  patch:
-                    description: Patch indicates patching podTemplate to the Pod.
-                    type: object
-                  preferredNodeSelectorTerms:
-                    description: Indicates the node preferred selector to form the subset.
-                    items:
-                      description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                    type: array
-                  requiredNodeSelectorTerm:
-                    description: Indicates the node required selector to form the subset.
-                    type: object
-                    x-kubernetes-preserve-unknown-fields: true
-                  tolerations:
-                    description: Indicates the tolerations the pods under this subset have.
-                    items:
-                      description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                    type: array
-                required:
-                - name
-                type: object
-              type: array
-            targetRef:
-              description: TargetReference is the target workload that WorkloadSpread want to control.
-              properties:
-                apiVersion:
-                  description: API version of the referent.
-                  type: string
-                kind:
-                  description: Kind of the referent.
-                  type: string
-                name:
-                  description: Name of the referent.
-                  type: string
-              required:
-              - apiVersion
-              - kind
-              - name
-              type: object
-          required:
-          - subsets
-          - targetRef
-          type: object
-        status:
-          description: WorkloadSpreadStatus defines the observed state of WorkloadSpread.
-          properties:
-            observedGeneration:
-              description: ObservedGeneration is the most recent generation observed for this WorkloadSpread. It corresponds to the WorkloadSpread's generation, which is updated on mutation by the API Server.
-              format: int64
-              type: integer
-            subsetStatuses:
-              description: Contains the status of each subset. Each element in this array represents one subset
-              items:
-                description: WorkloadSpreadSubsetStatus defines the observed state of subset
-                properties:
-                  conditions:
-                    description: Conditions is an array of current observed subset conditions.
-                    items:
-                      properties:
-                        lastTransitionTime:
-                          description: Last time the condition transitioned from one status to another.
-                          format: date-time
-                          type: string
-                        message:
-                          description: A human readable message indicating details about the transition.
-                          type: string
-                        reason:
-                          description: The reason for the condition's last transition.
-                          type: string
-                        status:
-                          description: Status of the condition, one of True, False, Unknown.
-                          type: string
-                        type:
-                          description: Type of in place set condition.
-                          type: string
-                      required:
-                      - status
-                      - type
-                      type: object
-                    type: array
-                  creatingPods:
-                    additionalProperties:
-                      format: date-time
-                      type: string
-                    description: CreatingPods contains information about pods whose creation was processed by the webhook handler but not yet been observed by the WorkloadSpread controller. A pod will be in this map from the time when the webhook handler processed the creation request to the time when the pod is seen by controller. The key in the map is the name of the pod and the value is the time when the webhook handler process the creation request. If the real creation didn't happen and a pod is still in this map, it will be removed from the list automatically by WorkloadSpread controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod creations.
-                    type: object
-                  deletingPods:
-                    additionalProperties:
-                      format: date-time
-                      type: string
-                    description: DeletingPods is similar with CreatingPods and it contains information about pod deletion.
-                    type: object
-                  missingReplicas:
-                    description: MissingReplicas is the number of replicas belong to this subset not be found. MissingReplicas > 0 indicates the subset is still missing MissingReplicas pods to create MissingReplicas = 0 indicates the subset already has enough pods, there is no need to create MissingReplicas = -1 indicates the subset's MaxReplicas not set, then there is no limit for pods number
-                    format: int32
-                    type: integer
-                  name:
-                    description: Name should be unique between all of the subsets under one WorkloadSpread.
-                    type: string
-                  replicas:
-                    description: Replicas is the most recently observed number of replicas for subset.
-                    format: int32
-                    type: integer
-                required:
-                - missingReplicas
-                - name
-                - replicas
-                type: object
-              type: array
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
-{{- end }}

charts/kruise/v0.10.0/templates/manager.yaml

@@ -1,190 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  labels:
-    control-plane: controller-manager
-  name: {{ .Values.installation.namespace }}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: kruise-webhook-service
-  namespace: {{ .Values.installation.namespace }}
-spec:
-  ports:
-    - port: 443
-      targetPort: {{ .Values.manager.webhook.port }}
-  selector:
-    control-plane: controller-manager
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: kruise-webhook-certs
-  namespace: {{ .Values.installation.namespace }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    control-plane: controller-manager
-  name: kruise-controller-manager
-  namespace: {{ .Values.installation.namespace }}
-spec:
-  replicas: {{ .Values.manager.replicas }}
-  selector:
-    matchLabels:
-      control-plane: controller-manager
-  minReadySeconds: 3
-  strategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxUnavailable: 0
-      maxSurge: 100%
-  template:
-    metadata:
-      labels:
-        control-plane: controller-manager
-    spec:
-      containers:
-        - args:
-            - --enable-leader-election
-            - --metrics-addr={{ .Values.manager.metrics.addr }}:{{ .Values.manager.metrics.port }}
-            - --health-probe-addr=:{{ .Values.manager.healthProbe.port }}
-            - --logtostderr=true
-            - --leader-election-namespace={{ .Values.installation.namespace }}
-            - --v={{ .Values.manager.log.level }}
-            - --feature-gates={{ .Values.featureGates }}
-          command:
-            - /manager
-          image: {{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }}
-          imagePullPolicy: Always
-          name: manager
-          env:
-            - name: POD_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: WEBHOOK_PORT
-              value: "{{ .Values.manager.webhook.port }}"
-            - name: WEBHOOK_CONFIGURATION_FAILURE_POLICY_PODS
-              value: {{ .Values.webhookConfiguration.failurePolicy.pods }}
-          ports:
-            - containerPort: {{ .Values.manager.webhook.port }}
-              name: webhook-server
-              protocol: TCP
-            - containerPort: {{ .Values.manager.metrics.port }}
-              name: metrics
-              protocol: TCP
-            - containerPort: {{ .Values.manager.healthProbe.port }}
-              name: health
-              protocol: TCP
-          readinessProbe:
-            httpGet:
-              path: readyz
-              port: {{ .Values.manager.healthProbe.port }}
-          resources:
-            {{- toYaml .Values.manager.resources | nindent 12 }}
-      terminationGracePeriodSeconds: 10
-      affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - podAffinityTerm:
-              labelSelector:
-                matchExpressions:
-                - key: control-plane
-                  operator: In
-                  values:
-                  - controller-manager
-              topologyKey: kubernetes.io/hostname
-            weight: 100
-{{- with .Values.manager.nodeAffinity }}
-        nodeAffinity:
-{{ toYaml . | indent 10 }}
-{{- end }}
-
-{{- if .Values.manager.nodeSelector }}
-      nodeSelector:
-{{ toYaml .Values.manager.nodeSelector | indent 8 }}
-{{- end }}
-
-{{- if .Values.manager.tolerations }}
-      tolerations:
-{{ toYaml .Values.manager.tolerations | indent 8 }}
-{{- end }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kruise-daemon
-  namespace: {{ .Values.installation.namespace }}
-{{ if contains "KruiseDaemon=false" .Values.featureGates }}{{ else }}
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: kruise-daemon
-  namespace: {{ .Values.installation.namespace }}
-  labels:
-    control-plane: daemon
-spec:
-  selector:
-    matchLabels:
-      control-plane: daemon
-  minReadySeconds: 3
-  updateStrategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxUnavailable: 10%
-  template:
-    metadata:
-      labels:
-        control-plane: daemon
-    spec:
-{{- if .Values.daemon.affinity }}
-      affinity:
-{{ toYaml .Values.daemon.affinity | indent 8 }}
-{{- end }}
-      containers:
-      - command:
-        - /kruise-daemon
-        args:
-        - --logtostderr=true
-        - --v=4
-        - --addr=:{{ .Values.daemon.port }}
-        image: {{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }}
-        imagePullPolicy: Always
-        name: daemon
-        env:
-        - name: NODE_NAME
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: spec.nodeName
-        livenessProbe:
-          failureThreshold: 3
-          httpGet:
-            path: /healthz
-            port: {{ .Values.daemon.port }}
-            scheme: HTTP
-          initialDelaySeconds: 60
-          periodSeconds: 10
-          successThreshold: 1
-          timeoutSeconds: 1
-        resources:
-          {{- toYaml .Values.daemon.resources | nindent 12 }}
-        volumeMounts:
-        - mountPath: /hostvarrun
-          name: runtime-socket
-          readOnly: true
-      tolerations:
-      - operator: Exists
-      hostNetwork: true
-      terminationGracePeriodSeconds: 10
-      serviceAccountName: kruise-daemon
-      volumes:
-      - hostPath:
-          path: {{ .Values.daemon.socketLocation }}
-          type: ""
-        name: runtime-socket
-{{- end }}

charts/kruise/v0.10.0/templates/policy.kruise.io_podunavailablebudgets.yaml

@@ -1,164 +0,0 @@
-{{- if .Values.crds.managed }}
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.2.9
-  creationTimestamp: null
-  name: podunavailablebudgets.policy.kruise.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .status.unavailableAllowed
-    description: UnavailableAllowed number of pod unavailable that are currently allowed
-    name: Allowed
-    type: integer
-  - JSONPath: .status.currentAvailable
-    description: CurrentAvailable current number of available pods
-    name: Current
-    type: integer
-  - JSONPath: .status.desiredAvailable
-    description: DesiredAvailable minimum desired number of available pods
-    name: Desired
-    type: integer
-  - JSONPath: .status.totalReplicas
-    description: TotalReplicas total number of pods counted by this budget
-    name: Total
-    type: integer
-  group: policy.kruise.io
-  names:
-    kind: PodUnavailableBudget
-    listKind: PodUnavailableBudgetList
-    plural: podunavailablebudgets
-    shortNames:
-    - pub
-    singular: podunavailablebudget
-  scope: Namespaced
-  subresources:
-    status: {}
-  validation:
-    openAPIV3Schema:
-      description: PodUnavailableBudget is the Schema for the podunavailablebudgets API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: PodUnavailableBudgetSpec defines the desired state of PodUnavailableBudget
-          properties:
-            maxUnavailable:
-              anyOf:
-              - type: integer
-              - type: string
-              description: Delete pod, evict pod or update pod specification is allowed if at most "maxUnavailable" pods selected by "selector" or "targetRef"  are unavailable after the above operation for pod. MaxUnavailable and MinAvailable are mutually exclusive, MaxUnavailable is priority to take effect
-              x-kubernetes-int-or-string: true
-            minAvailable:
-              anyOf:
-              - type: integer
-              - type: string
-              description: Delete pod, evict pod or update pod specification is allowed if at least "minAvailable" pods selected by "selector" or "targetRef" will still be available after the above operation for pod.
-              x-kubernetes-int-or-string: true
-            selector:
-              description: Selector label query over pods managed by the budget
-              properties:
-                matchExpressions:
-                  description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
-                  items:
-                    description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
-                    properties:
-                      key:
-                        description: key is the label key that the selector applies to.
-                        type: string
-                      operator:
-                        description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
-                        type: string
-                      values:
-                        description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-                        items:
-                          type: string
-                        type: array
-                    required:
-                    - key
-                    - operator
-                    type: object
-                  type: array
-                matchLabels:
-                  additionalProperties:
-                    type: string
-                  description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-                  type: object
-              type: object
-            targetRef:
-              description: TargetReference contains enough information to let you identify an workload for PodUnavailableBudget Selector and TargetReference are mutually exclusive, TargetReference is priority to take effect
-              properties:
-                apiVersion:
-                  description: API version of the referent.
-                  type: string
-                kind:
-                  description: Kind of the referent.
-                  type: string
-                name:
-                  description: Name of the referent.
-                  type: string
-              type: object
-          type: object
-        status:
-          description: PodUnavailableBudgetStatus defines the observed state of PodUnavailableBudget
-          properties:
-            currentAvailable:
-              description: CurrentAvailable current number of available pods
-              format: int32
-              type: integer
-            desiredAvailable:
-              description: DesiredAvailable minimum desired number of available pods
-              format: int32
-              type: integer
-            disruptedPods:
-              additionalProperties:
-                format: date-time
-                type: string
-              description: DisruptedPods contains information about pods whose eviction or deletion was processed by the API handler but has not yet been observed by the PodUnavailableBudget.
-              type: object
-            observedGeneration:
-              description: Most recent generation observed when updating this PUB status. UnavailableAllowed and other status information is valid only if observedGeneration equals to PUB's object generation.
-              format: int64
-              type: integer
-            totalReplicas:
-              description: TotalReplicas total number of pods counted by this budget
-              format: int32
-              type: integer
-            unavailableAllowed:
-              description: UnavailableAllowed number of pod unavailable that are currently allowed
-              format: int32
-              type: integer
-            unavailablePods:
-              additionalProperties:
-                format: date-time
-                type: string
-              description: UnavailablePods contains information about pods whose specification changed(inplace-update pod), once pod is available(consistent and ready) again, it will be removed from the list.
-              type: object
-          required:
-          - currentAvailable
-          - desiredAvailable
-          - totalReplicas
-          - unavailableAllowed
-          type: object
-      type: object
-  version: v1alpha1
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
-{{- end }}

charts/kruise/v0.10.0/templates/rbac_role.yaml

@@ -1,570 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: kruise-leader-election-role
-  namespace: {{ .Values.installation.namespace }}
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - configmaps/status
-  verbs:
-  - get
-  - update
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  creationTimestamp: null
-  name: kruise-manager-role
-rules:
-- apiGroups:
-  {{ toYaml .Values.installation.roleListGroups }}
-  resources:
-  - '*'
-  verbs:
-  - list
-- apiGroups:
-  - admissionregistration.k8s.io
-  resources:
-  - mutatingwebhookconfigurations
-  verbs:
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - admissionregistration.k8s.io
-  resources:
-  - validatingwebhookconfigurations
-  verbs:
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - customresourcedefinitions
-  verbs:
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps
-  resources:
-  - controllerrevisions
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps
-  resources:
-  - deployments/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - apps
-  resources:
-  - replicasets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - apps
-  resources:
-  - replicasets/status
-  verbs:
-  - get
-- apiGroups:
-  - apps
-  resources:
-  - statefulsets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps
-  resources:
-  - statefulsets/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - advancedcronjobs
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - advancedcronjobs/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - broadcastjobs
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - broadcastjobs/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - clonesets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - clonesets/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - containerrecreaterequests
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - containerrecreaterequests/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - daemonsets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - daemonsets/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - imagepulljobs
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - imagepulljobs/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - nodeimages
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - nodeimages/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - sidecarsets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - sidecarsets/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - statefulsets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - statefulsets/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - uniteddeployments
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - uniteddeployments/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - workloadspreads
-  verbs:
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - workloadspreads/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - batch
-  resources:
-  - jobs
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - batch
-  resources:
-  - jobs/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - persistentvolumeclaims
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - pods/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - policy.kruise.io
-  resources:
-  - podunavailablebudgets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - policy.kruise.io
-  resources:
-  - podunavailablebudgets/status
-  verbs:
-  - get
-  - patch
-  - update
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  creationTimestamp: null
-  name: kruise-daemon-role
-rules:
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - nodeimages
-  verbs:
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - nodeimages/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - update
-  - patch
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - containerrecreaterequests
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - apps.kruise.io
-  resources:
-  - containerrecreaterequests/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - pods/status
-  verbs:
-  - get
-  - patch
-  - update
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: kruise-leader-election-rolebinding
-  namespace: {{ .Values.installation.namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: kruise-leader-election-role
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: {{ .Values.installation.namespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: kruise-manager-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: kruise-manager-role
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: {{ .Values.installation.namespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: kruise-daemon-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: kruise-daemon-role
-subjects:
-  - kind: ServiceAccount
-    name: kruise-daemon
-    namespace: {{ .Values.installation.namespace }}