infra/crds-catalog
1
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Compare commits

merge into: infra:main
Branches Tags
infra:main
infra:catalog
...
pull from: infra:catalog
Branches Tags
infra:catalog
infra:main

No commits in common. "main" and "catalog" have entirely different histories.
main ... catalog

120 changed files with 74402 additions and 366 deletions
Show Stats Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1 +0,0 @@
/dist

1
.prettierignore
View File

@ -1 +0,0 @@
LICENSE

31
.woodpecker/build-package.yml
View File

@ -1,31 +0,0 @@
---
when:
- event: [pull_request, tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
steps:
- name: build
image: quay.io/thegeeklab/kube-tools
commands:
- make
- name: publish
image: quay.io/thegeeklab/wp-git-action
settings:
action:
- pages
author_email: shipper@rknet.org
author_name: shipper
branch: catalog
message: auto-update crds catalog
netrc_machine: gitea.rknet.org
netrc_password:
from_secret: gitea_token
pages_directory: dist/
remote_url: https://gitea.rknet.org/infra/${CI_REPO_NAME}
when:
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}

26
.woodpecker/notify.yml
View File

@ -1,26 +0,0 @@
---
when:
- event: [tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
runs_on: [success, failure]
steps:
- name: matrix
image: quay.io/thegeeklab/wp-matrix
settings:
homeserver:
from_secret: matrix_homeserver
room_id:
from_secret: matrix_room_id
user_id:
from_secret: matrix_user_id
access_token:
from_secret: matrix_access_token
when:
- status: [success, failure]
depends_on:
- build-package

21
LICENSE
View File

@ -1,21 +0,0 @@
MIT License
Copyright (c) 2022 Robert Kaussow <mail@thegeeklab.de>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:
The above copyright notice and this permission notice (including the next
paragraph) shall be included in all copies or substantial portions of the
Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

33
Makefile
View File

@ -1,33 +0,0 @@
CWD ?= $(shell pwd)
.EXPORT_ALL_VARIABLES:
DIST := $(CWD)/dist
TMP_CRD_DIR := $(HOME)/.crds-catalog
DIST_DIRS := $(DIST) $(TMP_CRD_DIR)
# renovate: datasource=github-releases depName=projectcalico/calico
CALICO_VERSION := v3.29.1
# renovate: datasource=github-releases depName=fluxcd/flux2
FLUXCD_VERSION := v2.4.0
# renovate: datasource=github-releases depName=cert-manager/cert-manager
CERTMANAGER_VERSION := v1.16.2
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
CNPG_VERSION := v1.24.1
# renovate: datasource=github-releases depName=minio/operator
MINIO_VERSION := v6.0.4
# renovate: datasource=helm depName=k8up registryUrl=https://k8up-io.github.io/k8up
K8UP_VERSION := 4.8.1
# renovate: datasource=github-releases depName=metallb/metallb
METALLB_VERSION := v0.14.8
.PHONY: all
all: clean generate
.PHONY: clean
clean:
@rm -rf $(DIST_DIRS)
.PHONY: generate
generate:
@mkdir -p $(DIST)
@./generate.sh $(handler)

25
README.md
View File

@ -1,25 +0,0 @@
# crds-catalog
[![Build Status](https://ci.rknet.org/api/badges/infra/crds-catalog/status.svg)](https://ci.rknet.org/repos/infra/crds-catalog)
[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/infra/crds-catalog/src/branch/main/LICENSE)
This repository to aggregatepopular Kubernetes CRDs (CustomResourceDefinition) in JSON schema format. These schemas can be used by various tools such as Datree, Kubeconform and Kubeval to perform validation on custom (and native) Kuberentes resources. Running Kubernetes schema validation checks helps apply the "shift-left approach" on machines without giving them access to your cluster (e.g. locally or on CI).
The project is inspired by [Datree's CRDs-catalog](https://github.com/datreeio/CRDs-catalog) and was created to manage CRDs required for my own Kubernetes deployments.
## Usage
Schemes are generated by the CI and automatically pushed to the `catalog` branch.
### Kubeconform
```Shell
kubeconform \
-schema-location default \
-schema-location 'https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' \
<path/to/manifest.yaml>
```
## License
This project is licensed under the MIT License - see the [LICENSE](https://github.com/ansible/galaxy/blob/main/LICENSE) file for details.

22
cert-manager.io/all-anyOf.json Normal file
View File

@ -0,0 +1,22 @@
{
"anyOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/cert-manager.io/certificate_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/cert-manager.io/certificaterequest_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/cert-manager.io/challenge_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/cert-manager.io/clusterissuer_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/cert-manager.io/issuer_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/cert-manager.io/order_v1.json"
}
]
}

22
cert-manager.io/all-oneOf.json Normal file
View File

@ -0,0 +1,22 @@
{
"oneOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/cert-manager.io/certificate_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/cert-manager.io/certificaterequest_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/cert-manager.io/challenge_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/cert-manager.io/clusterissuer_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/cert-manager.io/issuer_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/cert-manager.io/order_v1.json"
}
]
}

562
cert-manager.io/certificate_v1.json Normal file
View File

@ -0,0 +1,562 @@
{
"description": "A Certificate resource should be created to ensure an up to date and signed\nX.509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`.\n\nThe stored certificate will be renewed before it expires (as configured by `spec.renewBefore`).",
"type": "object",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "Specification of the desired state of the Certificate resource.\nhttps://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status",
"type": "object",
"required": [
"issuerRef",
"secretName"
],
"properties": {
"additionalOutputFormats": {
"description": "Defines extra output formats of the private key and signed certificate chain\nto be written to this Certificate's target Secret.\n\nThis is a Beta Feature enabled by default. It can be disabled with the\n`--feature-gates=AdditionalCertificateOutputFormats=false` option set on both\nthe controller and webhook components.",
"type": "array",
"items": {
"description": "CertificateAdditionalOutputFormat defines an additional output format of a\nCertificate resource. These contain supplementary data formats of the signed\ncertificate chain and paired private key.",
"type": "object",
"required": [
"type"
],
"properties": {
"type": {
"description": "Type is the name of the format type that should be written to the\nCertificate's target Secret.",
"type": "string",
"enum": [
"DER",
"CombinedPEM"
]
}
},
"additionalProperties": false
}
},
"commonName": {
"description": "Requested common name X509 certificate subject attribute.\nMore info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6\nNOTE: TLS clients will ignore this value when any subject alternative name is\nset (see https://tools.ietf.org/html/rfc6125#section-6.4.4).\n\nShould have a length of 64 characters or fewer to avoid generating invalid CSRs.\nCannot be set if the `literalSubject` field is set.",
"type": "string"
},
"dnsNames": {
"description": "Requested DNS subject alternative names.",
"type": "array",
"items": {
"type": "string"
}
},
"duration": {
"description": "Requested 'duration' (i.e. lifetime) of the Certificate. Note that the\nissuer may choose to ignore the requested duration, just like any other\nrequested attribute.\n\nIf unset, this defaults to 90 days.\nMinimum accepted duration is 1 hour.\nValue must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration.",
"type": "string"
},
"emailAddresses": {
"description": "Requested email subject alternative names.",
"type": "array",
"items": {
"type": "string"
}
},
"encodeUsagesInRequest": {
"description": "Whether the KeyUsage and ExtKeyUsage extensions should be set in the encoded CSR.\n\nThis option defaults to true, and should only be disabled if the target\nissuer does not support CSRs with these X509 KeyUsage/ ExtKeyUsage extensions.",
"type": "boolean"
},
"ipAddresses": {
"description": "Requested IP address subject alternative names.",
"type": "array",
"items": {
"type": "string"
}
},
"isCA": {
"description": "Requested basic constraints isCA value.\nThe isCA value is used to set the `isCA` field on the created CertificateRequest\nresources. Note that the issuer may choose to ignore the requested isCA value, just\nlike any other requested attribute.\n\nIf true, this will automatically add the `cert sign` usage to the list\nof requested `usages`.",
"type": "boolean"
},
"issuerRef": {
"description": "Reference to the issuer responsible for issuing the certificate.\nIf the issuer is namespace-scoped, it must be in the same namespace\nas the Certificate. If the issuer is cluster-scoped, it can be used\nfrom any namespace.\n\nThe `name` field of the reference must always be specified.",
"type": "object",
"required": [
"name"
],
"properties": {
"group": {
"description": "Group of the resource being referred to.",
"type": "string"
},
"kind": {
"description": "Kind of the resource being referred to.",
"type": "string"
},
"name": {
"description": "Name of the resource being referred to.",
"type": "string"
}
},
"additionalProperties": false
},
"keystores": {
"description": "Additional keystore output formats to be stored in the Certificate's Secret.",
"type": "object",
"properties": {
"jks": {
"description": "JKS configures options for storing a JKS keystore in the\n`spec.secretName` Secret resource.",
"type": "object",
"required": [
"create",
"passwordSecretRef"
],
"properties": {
"alias": {
"description": "Alias specifies the alias of the key in the keystore, required by the JKS format.\nIf not provided, the default alias `certificate` will be used.",
"type": "string"
},
"create": {
"description": "Create enables JKS keystore creation for the Certificate.\nIf true, a file named `keystore.jks` will be created in the target\nSecret resource, encrypted using the password stored in\n`passwordSecretRef`.\nThe keystore file will be updated immediately.\nIf the issuer provided a CA certificate, a file named `truststore.jks`\nwill also be created in the target Secret resource, encrypted using the\npassword stored in `passwordSecretRef`\ncontaining the issuing Certificate Authority",
"type": "boolean"
},
"passwordSecretRef": {
"description": "PasswordSecretRef is a reference to a key in a Secret resource\ncontaining the password used to encrypt the JKS keystore.",
"type": "object",
"required": [
"name"
],
"properties": {
"key": {
"description": "The key of the entry in the Secret resource's `data` field to be used.\nSome instances of this field may be defaulted, in others it may be\nrequired.",
"type": "string"
},
"name": {
"description": "Name of the resource being referred to.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"pkcs12": {
"description": "PKCS12 configures options for storing a PKCS12 keystore in the\n`spec.secretName` Secret resource.",
"type": "object",
"required": [
"create",
"passwordSecretRef"
],
"properties": {
"create": {
"description": "Create enables PKCS12 keystore creation for the Certificate.\nIf true, a file named `keystore.p12` will be created in the target\nSecret resource, encrypted using the password stored in\n`passwordSecretRef`.\nThe keystore file will be updated immediately.\nIf the issuer provided a CA certificate, a file named `truststore.p12` will\nalso be created in the target Secret resource, encrypted using the\npassword stored in `passwordSecretRef` containing the issuing Certificate\nAuthority",
"type": "boolean"
},
"passwordSecretRef": {
"description": "PasswordSecretRef is a reference to a key in a Secret resource\ncontaining the password used to encrypt the PKCS12 keystore.",
"type": "object",
"required": [
"name"
],
"properties": {
"key": {
"description": "The key of the entry in the Secret resource's `data` field to be used.\nSome instances of this field may be defaulted, in others it may be\nrequired.",
"type": "string"
},
"name": {
"description": "Name of the resource being referred to.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
"type": "string"
}
},
"additionalProperties": false
},
"profile": {
"description": "Profile specifies the key and certificate encryption algorithms and the HMAC algorithm\nused to create the PKCS12 keystore. Default value is `LegacyRC2` for backward compatibility.\n\nIf provided, allowed values are:\n`LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20.\n`LegacyDES`: Less secure algorithm. Use this option for maximal compatibility.\n`Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms\n(eg. because of company policy). Please note that the security of the algorithm is not that important\nin reality, because the unencrypted certificate and private key are also stored in the Secret.",
"type": "string",
"enum": [
"LegacyRC2",
"LegacyDES",
"Modern2023"
]
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"literalSubject": {
"description": "Requested X.509 certificate subject, represented using the LDAP \"String\nRepresentation of a Distinguished Name\" [1].\nImportant: the LDAP string format also specifies the order of the attributes\nin the subject, this is important when issuing certs for LDAP authentication.\nExample: `CN=foo,DC=corp,DC=example,DC=com`\nMore info [1]: https://datatracker.ietf.org/doc/html/rfc4514\nMore info: https://github.com/cert-manager/cert-manager/issues/3203\nMore info: https://github.com/cert-manager/cert-manager/issues/4424\n\nCannot be set if the `subject` or `commonName` field is set.",
"type": "string"
},
"nameConstraints": {
"description": "x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate.\nMore Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10\n\nThis is an Alpha Feature and is only enabled with the\n`--feature-gates=NameConstraints=true` option set on both\nthe controller and webhook components.",
"type": "object",
"properties": {
"critical": {
"description": "if true then the name constraints are marked critical.",
"type": "boolean"
},
"excluded": {
"description": "Excluded contains the constraints which must be disallowed. Any name matching a\nrestriction in the excluded field is invalid regardless\nof information appearing in the permitted",
"type": "object",
"properties": {
"dnsDomains": {
"description": "DNSDomains is a list of DNS domains that are permitted or excluded.",
"type": "array",
"items": {
"type": "string"
}
},
"emailAddresses": {
"description": "EmailAddresses is a list of Email Addresses that are permitted or excluded.",
"type": "array",
"items": {
"type": "string"
}
},
"ipRanges": {
"description": "IPRanges is a list of IP Ranges that are permitted or excluded.\nThis should be a valid CIDR notation.",
"type": "array",
"items": {
"type": "string"
}
},
"uriDomains": {
"description": "URIDomains is a list of URI domains that are permitted or excluded.",
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"permitted": {
"description": "Permitted contains the constraints in which the names must be located.",
"type": "object",
"properties": {
"dnsDomains": {
"description": "DNSDomains is a list of DNS domains that are permitted or excluded.",
"type": "array",
"items": {
"type": "string"
}
},
"emailAddresses": {
"description": "EmailAddresses is a list of Email Addresses that are permitted or excluded.",
"type": "array",
"items": {
"type": "string"
}
},
"ipRanges": {
"description": "IPRanges is a list of IP Ranges that are permitted or excluded.\nThis should be a valid CIDR notation.",
"type": "array",
"items": {
"type": "string"
}
},
"uriDomains": {
"description": "URIDomains is a list of URI domains that are permitted or excluded.",
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false
}
},
"additionalProperties": false
},
"otherNames": {
"description": "`otherNames` is an escape hatch for SAN that allows any type. We currently restrict the support to string like otherNames, cf RFC 5280 p 37\nAny UTF8 String valued otherName can be passed with by setting the keys oid: x.x.x.x and UTF8Value: somevalue for `otherName`.\nMost commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3\nYou should ensure that any OID passed is valid for the UTF8String type as we do not explicitly validate this.",
"type": "array",
"items": {
"type": "object",
"properties": {
"oid": {
"description": "OID is the object identifier for the otherName SAN.\nThe object identifier must be expressed as a dotted string, for\nexample, \"1.2.840.113556.1.4.221\".",
"type": "string"
},
"utf8Value": {
"description": "utf8Value is the string value of the otherName SAN.\nThe utf8Value accepts any valid UTF8 string to set as value for the otherName SAN.",
"type": "string"
}
},
"additionalProperties": false
}
},
"privateKey": {
"description": "Private key options. These include the key algorithm and size, the used\nencoding and the rotation policy.",
"type": "object",
"properties": {
"algorithm": {
"description": "Algorithm is the private key algorithm of the corresponding private key\nfor this certificate.\n\nIf provided, allowed values are either `RSA`, `ECDSA` or `Ed25519`.\nIf `algorithm` is specified and `size` is not provided,\nkey size of 2048 will be used for `RSA` key algorithm and\nkey size of 256 will be used for `ECDSA` key algorithm.\nkey size is ignored when using the `Ed25519` key algorithm.",
"type": "string",
"enum": [
"RSA",
"ECDSA",
"Ed25519"
]
},
"encoding": {
"description": "The private key cryptography standards (PKCS) encoding for this\ncertificate's private key to be encoded in.\n\nIf provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1\nand PKCS#8, respectively.\nDefaults to `PKCS1` if not specified.",
"type": "string",
"enum": [
"PKCS1",
"PKCS8"
]
},
"rotationPolicy": {
"description": "RotationPolicy controls how private keys should be regenerated when a\nre-issuance is being processed.\n\nIf set to `Never`, a private key will only be generated if one does not\nalready exist in the target `spec.secretName`. If one does exist but it\ndoes not have the correct algorithm or size, a warning will be raised\nto await user intervention.\nIf set to `Always`, a private key matching the specified requirements\nwill be generated whenever a re-issuance occurs.\nDefault is `Never` for backward compatibility.",
"type": "string",
"enum": [
"Never",
"Always"
]
},
"size": {
"description": "Size is the key bit size of the corresponding private key for this certificate.\n\nIf `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`,\nand will default to `2048` if not specified.\nIf `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`,\nand will default to `256` if not specified.\nIf `algorithm` is set to `Ed25519`, Size is ignored.\nNo other values are allowed.",
"type": "integer"
}
},
"additionalProperties": false
},
"renewBefore": {
"description": "How long before the currently issued certificate's expiry cert-manager should\nrenew the certificate. For example, if a certificate is valid for 60 minutes,\nand `renewBefore=10m`, cert-manager will begin to attempt to renew the certificate\n50 minutes after it was issued (i.e. when there are 10 minutes remaining until\nthe certificate is no longer valid).\n\nNOTE: The actual lifetime of the issued certificate is used to determine the\nrenewal time. If an issuer returns a certificate with a different lifetime than\nthe one requested, cert-manager will use the lifetime of the issued certificate.\n\nIf unset, this defaults to 1/3 of the issued certificate's lifetime.\nMinimum accepted value is 5 minutes.\nValue must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration.\nCannot be set if the `renewBeforePercentage` field is set.",
"type": "string"
},
"renewBeforePercentage": {
"description": "`renewBeforePercentage` is like `renewBefore`, except it is a relative percentage\nrather than an absolute duration. For example, if a certificate is valid for 60\nminutes, and `renewBeforePercentage=25`, cert-manager will begin to attempt to\nrenew the certificate 45 minutes after it was issued (i.e. when there are 15\nminutes (25%) remaining until the certificate is no longer valid).\n\nNOTE: The actual lifetime of the issued certificate is used to determine the\nrenewal time. If an issuer returns a certificate with a different lifetime than\nthe one requested, cert-manager will use the lifetime of the issued certificate.\n\nValue must be an integer in the range (0,100). The minimum effective\n`renewBefore` derived from the `renewBeforePercentage` and `duration` fields is 5\nminutes.\nCannot be set if the `renewBefore` field is set.",
"type": "integer",
"format": "int32"
},
"revisionHistoryLimit": {
"description": "The maximum number of CertificateRequest revisions that are maintained in\nthe Certificate's history. Each revision represents a single `CertificateRequest`\ncreated by this Certificate, either when it was created, renewed, or Spec\nwas changed. Revisions will be removed by oldest first if the number of\nrevisions exceeds this number.\n\nIf set, revisionHistoryLimit must be a value of `1` or greater.\nIf unset (`nil`), revisions will not be garbage collected.\nDefault value is `nil`.",
"type": "integer",
"format": "int32"
},
"secretName": {
"description": "Name of the Secret resource that will be automatically created and\nmanaged by this Certificate resource. It will be populated with a\nprivate key and certificate, signed by the denoted issuer. The Secret\nresource lives in the same namespace as the Certificate resource.",
"type": "string"
},
"secretTemplate": {
"description": "Defines annotations and labels to be copied to the Certificate's Secret.\nLabels and annotations on the Secret will be changed as they appear on the\nSecretTemplate when added or removed. SecretTemplate annotations are added\nin conjunction with, and cannot overwrite, the base set of annotations\ncert-manager sets on the Certificate's Secret.",
"type": "object",
"properties": {
"annotations": {
"description": "Annotations is a key value map to be copied to the target Kubernetes Secret.",
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"labels": {
"description": "Labels is a key value map to be copied to the target Kubernetes Secret.",
"type": "object",
"additionalProperties": {
"type": "string"
}
}
},
"additionalProperties": false
},
"subject": {
"description": "Requested set of X509 certificate subject attributes.\nMore info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6\n\nThe common name attribute is specified separately in the `commonName` field.\nCannot be set if the `literalSubject` field is set.",
"type": "object",
"properties": {
"countries": {
"description": "Countries to be used on the Certificate.",
"type": "array",
"items": {
"type": "string"
}
},
"localities": {
"description": "Cities to be used on the Certificate.",
"type": "array",
"items": {
"type": "string"
}
},
"organizationalUnits": {
"description": "Organizational Units to be used on the Certificate.",
"type": "array",
"items": {
"type": "string"
}
},
"organizations": {
"description": "Organizations to be used on the Certificate.",
"type": "array",
"items": {
"type": "string"
}
},
"postalCodes": {
"description": "Postal codes to be used on the Certificate.",
"type": "array",
"items": {
"type": "string"
}
},
"provinces": {
"description": "State/Provinces to be used on the Certificate.",
"type": "array",
"items": {
"type": "string"
}
},
"serialNumber": {
"description": "Serial number to be used on the Certificate.",
"type": "string"
},
"streetAddresses": {
"description": "Street addresses to be used on the Certificate.",
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"uris": {
"description": "Requested URI subject alternative names.",
"type": "array",
"items": {
"type": "string"
}
},
"usages": {
"description": "Requested key usages and extended key usages.\nThese usages are used to set the `usages` field on the created CertificateRequest\nresources. If `encodeUsagesInRequest` is unset or set to `true`, the usages\nwill additionally be encoded in the `request` field which contains the CSR blob.\n\nIf unset, defaults to `digital signature` and `key encipherment`.",
"type": "array",
"items": {
"description": "KeyUsage specifies valid usage contexts for keys.\nSee:\nhttps://tools.ietf.org/html/rfc5280#section-4.2.1.3\nhttps://tools.ietf.org/html/rfc5280#section-4.2.1.12\n\nValid KeyUsage values are as follows:\n\"signing\",\n\"digital signature\",\n\"content commitment\",\n\"key encipherment\",\n\"key agreement\",\n\"data encipherment\",\n\"cert sign\",\n\"crl sign\",\n\"encipher only\",\n\"decipher only\",\n\"any\",\n\"server auth\",\n\"client auth\",\n\"code signing\",\n\"email protection\",\n\"s/mime\",\n\"ipsec end system\",\n\"ipsec tunnel\",\n\"ipsec user\",\n\"timestamping\",\n\"ocsp signing\",\n\"microsoft sgc\",\n\"netscape sgc\"",
"type": "string",
"enum": [
"signing",
"digital signature",
"content commitment",
"key encipherment",
"key agreement",
"data encipherment",
"cert sign",
"crl sign",
"encipher only",
"decipher only",
"any",
"server auth",
"client auth",
"code signing",
"email protection",
"s/mime",
"ipsec end system",
"ipsec tunnel",
"ipsec user",
"timestamping",
"ocsp signing",
"microsoft sgc",
"netscape sgc"
]
}
}
},
"additionalProperties": false
},
"status": {
"description": "Status of the Certificate.\nThis is set and managed automatically.\nRead-only.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status",
"type": "object",
"properties": {
"conditions": {
"description": "List of status conditions to indicate the status of certificates.\nKnown condition types are `Ready` and `Issuing`.",
"type": "array",
"items": {
"description": "CertificateCondition contains condition information for a Certificate.",
"type": "object",
"required": [
"status",
"type"
],
"properties": {
"lastTransitionTime": {
"description": "LastTransitionTime is the timestamp corresponding to the last status\nchange of this condition.",
"type": "string",
"format": "date-time"
},
"message": {
"description": "Message is a human readable description of the details of the last\ntransition, complementing reason.",
"type": "string"
},
"observedGeneration": {
"description": "If set, this represents the .metadata.generation that the condition was\nset based upon.\nFor instance, if .metadata.generation is currently 12, but the\n.status.condition[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the Certificate.",
"type": "integer",
"format": "int64"
},
"reason": {
"description": "Reason is a brief machine readable explanation for the condition's last\ntransition.",
"type": "string"
},
"status": {
"description": "Status of the condition, one of (`True`, `False`, `Unknown`).",
"type": "string",
"enum": [
"True",
"False",
"Unknown"
]
},
"type": {
"description": "Type of the condition, known values are (`Ready`, `Issuing`).",
"type": "string"
}
},
"additionalProperties": false
},
"x-kubernetes-list-map-keys": [
"type"
],
"x-kubernetes-list-type": "map"
},
"failedIssuanceAttempts": {
"description": "The number of continuous failed issuance attempts up till now. This\nfield gets removed (if set) on a successful issuance and gets set to\n1 if unset and an issuance has failed. If an issuance has failed, the\ndelay till the next issuance will be calculated using formula\ntime.Hour * 2 ^ (failedIssuanceAttempts - 1).",
"type": "integer"
},
"lastFailureTime": {
"description": "LastFailureTime is set only if the latest issuance for this\nCertificate failed and contains the time of the failure. If an\nissuance has failed, the delay till the next issuance will be\ncalculated using formula time.Hour * 2 ^ (failedIssuanceAttempts -\n1). If the latest issuance has succeeded this field will be unset.",
"type": "string",
"format": "date-time"
},
"nextPrivateKeySecretName": {
"description": "The name of the Secret resource containing the private key to be used\nfor the next certificate iteration.\nThe keymanager controller will automatically set this field if the\n`Issuing` condition is set to `True`.\nIt will automatically unset this field when the Issuing condition is\nnot set or False.",
"type": "string"
},
"notAfter": {
"description": "The expiration time of the certificate stored in the secret named\nby this resource in `spec.secretName`.",
"type": "string",
"format": "date-time"
},
"notBefore": {
"description": "The time after which the certificate stored in the secret named\nby this resource in `spec.secretName` is valid.",
"type": "string",
"format": "date-time"
},
"renewalTime": {
"description": "RenewalTime is the time at which the certificate will be next\nrenewed.\nIf not set, no upcoming renewal is scheduled.",
"type": "string",
"format": "date-time"
},
"revision": {
"description": "The current 'revision' of the certificate as issued.\n\nWhen a CertificateRequest resource is created, it will have the\n`cert-manager.io/certificate-revision` set to one greater than the\ncurrent value of this field.\n\nUpon issuance, this field will be set to the value of the annotation\non the CertificateRequest resource used to issue the certificate.\n\nPersisting the value on the CertificateRequest resource allows the\ncertificates controller to know whether a request is part of an old\nissuance or if it is part of the ongoing revision's issuance by\nchecking if the revision value in the annotation is greater than this\nfield.",
"type": "integer"
}
},
"additionalProperties": false
}
}
}

189
cert-manager.io/certificaterequest_v1.json Normal file
View File

@ -0,0 +1,189 @@
{
"description": "A CertificateRequest is used to request a signed certificate from one of the\nconfigured issuers.\n\nAll fields within the CertificateRequest's `spec` are immutable after creation.\nA CertificateRequest will either succeed or fail, as denoted by its `Ready` status\ncondition and its `status.failureTime` field.\n\nA CertificateRequest is a one-shot resource, meaning it represents a single\npoint in time request for a certificate and cannot be re-used.",
"type": "object",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "Specification of the desired state of the CertificateRequest resource.\nhttps://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status",
"type": "object",
"required": [
"issuerRef",
"request"
],
"properties": {
"duration": {
"description": "Requested 'duration' (i.e. lifetime) of the Certificate. Note that the\nissuer may choose to ignore the requested duration, just like any other\nrequested attribute.",
"type": "string"
},
"extra": {
"description": "Extra contains extra attributes of the user that created the CertificateRequest.\nPopulated by the cert-manager webhook on creation and immutable.",
"type": "object",
"additionalProperties": {
"type": "array",
"items": {
"type": "string"
}
}
},
"groups": {
"description": "Groups contains group membership of the user that created the CertificateRequest.\nPopulated by the cert-manager webhook on creation and immutable.",
"type": "array",
"items": {
"type": "string"
},
"x-kubernetes-list-type": "atomic"
},
"isCA": {
"description": "Requested basic constraints isCA value. Note that the issuer may choose\nto ignore the requested isCA value, just like any other requested attribute.\n\nNOTE: If the CSR in the `Request` field has a BasicConstraints extension,\nit must have the same isCA value as specified here.\n\nIf true, this will automatically add the `cert sign` usage to the list\nof requested `usages`.",
"type": "boolean"
},
"issuerRef": {
"description": "Reference to the issuer responsible for issuing the certificate.\nIf the issuer is namespace-scoped, it must be in the same namespace\nas the Certificate. If the issuer is cluster-scoped, it can be used\nfrom any namespace.\n\nThe `name` field of the reference must always be specified.",
"type": "object",
"required": [
"name"
],
"properties": {
"group": {
"description": "Group of the resource being referred to.",
"type": "string"
},
"kind": {
"description": "Kind of the resource being referred to.",
"type": "string"
},
"name": {
"description": "Name of the resource being referred to.",
"type": "string"
}
},
"additionalProperties": false
},
"request": {
"description": "The PEM-encoded X.509 certificate signing request to be submitted to the\nissuer for signing.\n\nIf the CSR has a BasicConstraints extension, its isCA attribute must\nmatch the `isCA` value of this CertificateRequest.\nIf the CSR has a KeyUsage extension, its key usages must match the\nkey usages in the `usages` field of this CertificateRequest.\nIf the CSR has a ExtKeyUsage extension, its extended key usages\nmust match the extended key usages in the `usages` field of this\nCertificateRequest.",
"type": "string",
"format": "byte"
},
"uid": {
"description": "UID contains the uid of the user that created the CertificateRequest.\nPopulated by the cert-manager webhook on creation and immutable.",
"type": "string"
},
"usages": {
"description": "Requested key usages and extended key usages.\n\nNOTE: If the CSR in the `Request` field has uses the KeyUsage or\nExtKeyUsage extension, these extensions must have the same values\nas specified here without any additional values.\n\nIf unset, defaults to `digital signature` and `key encipherment`.",
"type": "array",
"items": {
"description": "KeyUsage specifies valid usage contexts for keys.\nSee:\nhttps://tools.ietf.org/html/rfc5280#section-4.2.1.3\nhttps://tools.ietf.org/html/rfc5280#section-4.2.1.12\n\nValid KeyUsage values are as follows:\n\"signing\",\n\"digital signature\",\n\"content commitment\",\n\"key encipherment\",\n\"key agreement\",\n\"data encipherment\",\n\"cert sign\",\n\"crl sign\",\n\"encipher only\",\n\"decipher only\",\n\"any\",\n\"server auth\",\n\"client auth\",\n\"code signing\",\n\"email protection\",\n\"s/mime\",\n\"ipsec end system\",\n\"ipsec tunnel\",\n\"ipsec user\",\n\"timestamping\",\n\"ocsp signing\",\n\"microsoft sgc\",\n\"netscape sgc\"",
"type": "string",
"enum": [
"signing",
"digital signature",
"content commitment",
"key encipherment",
"key agreement",
"data encipherment",
"cert sign",
"crl sign",
"encipher only",
"decipher only",
"any",
"server auth",
"client auth",
"code signing",
"email protection",
"s/mime",
"ipsec end system",
"ipsec tunnel",
"ipsec user",
"timestamping",
"ocsp signing",
"microsoft sgc",
"netscape sgc"
]
}
},
"username": {
"description": "Username contains the name of the user that created the CertificateRequest.\nPopulated by the cert-manager webhook on creation and immutable.",
"type": "string"
}
},
"additionalProperties": false
},
"status": {
"description": "Status of the CertificateRequest.\nThis is set and managed automatically.\nRead-only.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status",
"type": "object",
"properties": {
"ca": {
"description": "The PEM encoded X.509 certificate of the signer, also known as the CA\n(Certificate Authority).\nThis is set on a best-effort basis by different issuers.\nIf not set, the CA is assumed to be unknown/not available.",
"type": "string",
"format": "byte"
},
"certificate": {
"description": "The PEM encoded X.509 certificate resulting from the certificate\nsigning request.\nIf not set, the CertificateRequest has either not been completed or has\nfailed. More information on failure can be found by checking the\n`conditions` field.",
"type": "string",
"format": "byte"
},
"conditions": {
"description": "List of status conditions to indicate the status of a CertificateRequest.\nKnown condition types are `Ready`, `InvalidRequest`, `Approved` and `Denied`.",
"type": "array",
"items": {
"description": "CertificateRequestCondition contains condition information for a CertificateRequest.",
"type": "object",
"required": [
"status",
"type"
],
"properties": {
"lastTransitionTime": {
"description": "LastTransitionTime is the timestamp corresponding to the last status\nchange of this condition.",
"type": "string",
"format": "date-time"
},
"message": {
"description": "Message is a human readable description of the details of the last\ntransition, complementing reason.",
"type": "string"
},
"reason": {
"description": "Reason is a brief machine readable explanation for the condition's last\ntransition.",
"type": "string"
},
"status": {
"description": "Status of the condition, one of (`True`, `False`, `Unknown`).",
"type": "string",
"enum": [
"True",
"False",
"Unknown"
]
},
"type": {
"description": "Type of the condition, known values are (`Ready`, `InvalidRequest`,\n`Approved`, `Denied`).",
"type": "string"
}
},
"additionalProperties": false
},
"x-kubernetes-list-map-keys": [
"type"
],
"x-kubernetes-list-type": "map"
},
"failureTime": {
"description": "FailureTime stores the time that this CertificateRequest failed. This is\nused to influence garbage collection and back-off.",
"type": "string",
"format": "date-time"
}
},
"additionalProperties": false
}
}
}

2733
cert-manager.io/challenge_v1.json Normal file
View File

File diff suppressed because it is too large Load Diff

3188
cert-manager.io/clusterissuer_v1.json Normal file
View File

File diff suppressed because it is too large Load Diff

3188
cert-manager.io/issuer_v1.json Normal file
View File

File diff suppressed because it is too large Load Diff

188
cert-manager.io/order_v1.json Normal file
View File

@ -0,0 +1,188 @@
{
"description": "Order is a type to represent an Order with an ACME server",
"type": "object",
"required": [
"metadata",
"spec"
],
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"type": "object",
"required": [
"issuerRef",
"request"
],
"properties": {
"commonName": {
"description": "CommonName is the common name as specified on the DER encoded CSR.\nIf specified, this value must also be present in `dnsNames` or `ipAddresses`.\nThis field must match the corresponding field on the DER encoded CSR.",
"type": "string"
},
"dnsNames": {
"description": "DNSNames is a list of DNS names that should be included as part of the Order\nvalidation process.\nThis field must match the corresponding field on the DER encoded CSR.",
"type": "array",
"items": {
"type": "string"
}
},
"duration": {
"description": "Duration is the duration for the not after date for the requested certificate.\nthis is set on order creation as pe the ACME spec.",
"type": "string"
},
"ipAddresses": {
"description": "IPAddresses is a list of IP addresses that should be included as part of the Order\nvalidation process.\nThis field must match the corresponding field on the DER encoded CSR.",
"type": "array",
"items": {
"type": "string"
}
},
"issuerRef": {
"description": "IssuerRef references a properly configured ACME-type Issuer which should\nbe used to create this Order.\nIf the Issuer does not exist, processing will be retried.\nIf the Issuer is not an 'ACME' Issuer, an error will be returned and the\nOrder will be marked as failed.",
"type": "object",
"required": [
"name"
],
"properties": {
"group": {
"description": "Group of the resource being referred to.",
"type": "string"
},
"kind": {
"description": "Kind of the resource being referred to.",
"type": "string"
},
"name": {
"description": "Name of the resource being referred to.",
"type": "string"
}
},
"additionalProperties": false
},
"request": {
"description": "Certificate signing request bytes in DER encoding.\nThis will be used when finalizing the order.\nThis field must be set on the order.",
"type": "string",
"format": "byte"
}
},
"additionalProperties": false
},
"status": {
"type": "object",
"properties": {
"authorizations": {
"description": "Authorizations contains data returned from the ACME server on what\nauthorizations must be completed in order to validate the DNS names\nspecified on the Order.",
"type": "array",
"items": {
"description": "ACMEAuthorization contains data returned from the ACME server on an\nauthorization that must be completed in order validate a DNS name on an ACME\nOrder resource.",
"type": "object",
"required": [
"url"
],
"properties": {
"challenges": {
"description": "Challenges specifies the challenge types offered by the ACME server.\nOne of these challenge types will be selected when validating the DNS\nname and an appropriate Challenge resource will be created to perform\nthe ACME challenge process.",
"type": "array",
"items": {
"description": "Challenge specifies a challenge offered by the ACME server for an Order.\nAn appropriate Challenge resource can be created to perform the ACME\nchallenge process.",
"type": "object",
"required": [
"token",
"type",
"url"
],
"properties": {
"token": {
"description": "Token is the token that must be presented for this challenge.\nThis is used to compute the 'key' that must also be presented.",
"type": "string"
},
"type": {
"description": "Type is the type of challenge being offered, e.g. 'http-01', 'dns-01',\n'tls-sni-01', etc.\nThis is the raw value retrieved from the ACME server.\nOnly 'http-01' and 'dns-01' are supported by cert-manager, other values\nwill be ignored.",
"type": "string"
},
"url": {
"description": "URL is the URL of this challenge. It can be used to retrieve additional\nmetadata about the Challenge from the ACME server.",
"type": "string"
}
},
"additionalProperties": false
}
},
"identifier": {
"description": "Identifier is the DNS name to be validated as part of this authorization",
"type": "string"
},
"initialState": {
"description": "InitialState is the initial state of the ACME authorization when first\nfetched from the ACME server.\nIf an Authorization is already 'valid', the Order controller will not\ncreate a Challenge resource for the authorization. This will occur when\nworking with an ACME server that enables 'authz reuse' (such as Let's\nEncrypt's production endpoint).\nIf not set and 'identifier' is set, the state is assumed to be pending\nand a Challenge will be created.",
"type": "string",
"enum": [
"valid",
"ready",
"pending",
"processing",
"invalid",
"expired",
"errored"
]
},
"url": {
"description": "URL is the URL of the Authorization that must be completed",
"type": "string"
},
"wildcard": {
"description": "Wildcard will be true if this authorization is for a wildcard DNS name.\nIf this is true, the identifier will be the *non-wildcard* version of\nthe DNS name.\nFor example, if '*.example.com' is the DNS name being validated, this\nfield will be 'true' and the 'identifier' field will be 'example.com'.",
"type": "boolean"
}
},
"additionalProperties": false
}
},
"certificate": {
"description": "Certificate is a copy of the PEM encoded certificate for this Order.\nThis field will be populated after the order has been successfully\nfinalized with the ACME server, and the order has transitioned to the\n'valid' state.",
"type": "string",
"format": "byte"
},
"failureTime": {
"description": "FailureTime stores the time that this order failed.\nThis is used to influence garbage collection and back-off.",
"type": "string",
"format": "date-time"
},
"finalizeURL": {
"description": "FinalizeURL of the Order.\nThis is used to obtain certificates for this order once it has been completed.",
"type": "string"
},
"reason": {
"description": "Reason optionally provides more information about a why the order is in\nthe current state.",
"type": "string"
},
"state": {
"description": "State contains the current state of this Order resource.\nStates 'success' and 'expired' are 'final'",
"type": "string",
"enum": [
"valid",
"ready",
"pending",
"processing",
"invalid",
"expired",
"errored"
]
},
"url": {
"description": "URL of the Order.\nThis will initially be empty when the resource is first created.\nThe Order controller will populate this field when the Order is first processed.\nThis field will be immutable after it is initially set.",
"type": "string"
}
},
"additionalProperties": false
}
}
}

190
generate.sh
View File

@ -1,190 +0,0 @@
#!/usr/bin/env bash
set -eo pipefail
shopt -s globstar
prepare() {
mkdir -p "${WORKDIR}"
curl -SsfL -o "${WORKDIR}/${NAME}.crds.yaml" "${SOURCE}"
}
output() {
TARGET_DIR="$DIST/$API"
mkdir -p "$TARGET_DIR"
for FILE in "${WORKDIR}"/*.json; do
FILENAME=$(basename "$FILE")
mv "$FILE" "$TARGET_DIR/$FILENAME"
done
}
generate_all() {
export SOURCE=$1
export TYPE=anyOf
gomplate -d source=env:SOURCE -d type=env:TYPE -o "$SOURCE/all-$TYPE.json" -f templates/all.json.tmpl
export TYPE=oneOf
gomplate -d source=env:SOURCE -d type=env:TYPE -o "$SOURCE/all-$TYPE.json" -f templates/all.json.tmpl
}
exec_openapi() {
printf "Processing %s ...\n" "$1"
prepare
(
cd "$WORKDIR"
openapi2jsonschema "${NAME}.crds.yaml" >/dev/null
)
output
generate_all "$TARGET_DIR"
}
calico_handler() {
API=projectcalico.org
NAME=calico
WORKDIR="${TMP_CRD_DIR}/calico"
SOURCE="https://raw.githubusercontent.com/projectcalico/calico/${CALICO_VERSION}/manifests/calico.yaml"
printf "Processing %s ...\n" $API
prepare
(
cd "$WORKDIR"
openapi2jsonschema "${NAME}.crds.yaml" >/dev/null
)
TARGET_DIR="$DIST/$API"
mkdir -p "$TARGET_DIR"
for FILE in "${WORKDIR}"/*.json; do
FILENAME=$(basename "$FILE")
mv "$FILE" "$TARGET_DIR/${FILENAME//_v1/_v3}"
done
generate_all "$TARGET_DIR"
}
flux_handler() {
API=toolkit.fluxcd.io
WORKDIR="${TMP_CRD_DIR}/flux"
SOURCE="https://github.com/fluxcd/flux2/releases/download/${FLUXCD_VERSION}/crd-schemas.tar.gz"
printf "Processing %s ...\n" $API
mkdir -p "${WORKDIR}"
curl -SsfL "${SOURCE}" | tar xz -C "${WORKDIR}"
for FILE in "${WORKDIR}"/*.json; do
FILENAME=$(basename "$FILE")
case "$FILENAME" in
all.json | _definitions.json)
continue
;;
esac
PREFIX="${FILENAME%%\-*}"
MIDDLE="${FILENAME#*-}"
SUFFIX="${MIDDLE#*-}"
MIDDLE="${MIDDLE%%\-*}"
TARGET_DIR="$DIST/$MIDDLE.$API"
TARGET_NAME="$TARGET_DIR/$PREFIX""_""$SUFFIX"
mkdir -p "$TARGET_DIR"
mv "$FILE" "$TARGET_NAME"
generate_all "$TARGET_DIR"
done
}
metallb_handler() {
API=metallb.io
NAME=metallb
WORKDIR="${TMP_CRD_DIR}/$NAME"
SOURCE="https://raw.githubusercontent.com/metallb/metallb/${METALLB_VERSION}/charts/metallb/charts/crds/templates/crds.yaml"
printf "Processing %s ...\n" $API
prepare
(
cd "$WORKDIR"
yq --inplace 'del(.spec.conversion)' "${NAME}.crds.yaml"
openapi2jsonschema "${NAME}.crds.yaml" >/dev/null
)
output
generate_all "$TARGET_DIR"
}
objectbucket_handler() {
API=objectbucket.io
NAME=objectbucket
WORKDIR="${TMP_CRD_DIR}/$NAME"
SOURCE="https://github.com/kube-object-storage/lib-bucket-provisioner/archive/refs/tags/kubernetes-v1.14.1.tar.gz"
printf "Processing %s ...\n" $API
mkdir -p "${WORKDIR}"
curl -SsfL "${SOURCE}" | tar xz -C "${WORKDIR}" --strip-components=1
(
cd "$WORKDIR"
for FILE in "${WORKDIR}"/deploy/crds/*crd.yaml; do
openapi2jsonschema "${FILE}" >/dev/null
done
)
output
generate_all "$TARGET_DIR"
}
cnpg_handler() {
API=postgresql.cnpg.io
NAME=cnpg
WORKDIR="${TMP_CRD_DIR}/$NAME"
SOURCE="https://github.com/cloudnative-pg/cloudnative-pg/releases/download/${CNPG_VERSION}/cnpg-${CNPG_VERSION##v}.yaml"
exec_openapi $API
}
certmanager_handler() {
API=cert-manager.io
NAME=cert-manager
WORKDIR="${TMP_CRD_DIR}/$NAME"
SOURCE="https://github.com/cert-manager/cert-manager/releases/download/${CERTMANAGER_VERSION}/cert-manager.crds.yaml"
exec_openapi $API
}
minio_handler() {
API=minio.min.io
NAME=minio
WORKDIR="${TMP_CRD_DIR}/$NAME"
SOURCE="https://raw.githubusercontent.com/minio/operator/${MINIO_VERSION}/resources/base/crds/minio.min.io_tenants.yaml"
exec_openapi $API
}
k8up_handler() {
API=k8up.io
NAME=k8up
WORKDIR="${TMP_CRD_DIR}/$NAME"
SOURCE="https://github.com/k8up-io/k8up/releases/download/k8up-${K8UP_VERSION}/k8up-crd.yaml"
exec_openapi $API
}
handlers=(
calico_handler
flux_handler
metallb_handler
objectbucket_handler
cnpg_handler
certmanager_handler
minio_handler
k8up_handler
)
if [ $# -eq 0 ]; then
for handler in "${handlers[@]}"; do
"$handler"
done
else
"$1"_handler
fi

13
helm.toolkit.fluxcd.io/all-anyOf.json Normal file
View File

@ -0,0 +1,13 @@
{
"anyOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/helm.toolkit.fluxcd.io/helmrelease_v2.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json"
}
]
}

13
helm.toolkit.fluxcd.io/all-oneOf.json Normal file
View File

@ -0,0 +1,13 @@
{
"oneOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/helm.toolkit.fluxcd.io/helmrelease_v2.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json"
}
]
}

1051
helm.toolkit.fluxcd.io/helmrelease_v2.json Normal file
View File

File diff suppressed because it is too large Load Diff

1099
helm.toolkit.fluxcd.io/helmrelease_v2beta1.json Normal file
View File

File diff suppressed because it is too large Load Diff

1147
helm.toolkit.fluxcd.io/helmrelease_v2beta2.json Normal file
View File

File diff suppressed because it is too large Load Diff

22
image.toolkit.fluxcd.io/all-anyOf.json Normal file
View File

@ -0,0 +1,22 @@
{
"anyOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/image.toolkit.fluxcd.io/imagepolicy_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/image.toolkit.fluxcd.io/imagepolicy_v1beta2.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/image.toolkit.fluxcd.io/imagerepository_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/image.toolkit.fluxcd.io/imagerepository_v1beta2.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/image.toolkit.fluxcd.io/imageupdateautomation_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/image.toolkit.fluxcd.io/imageupdateautomation_v1beta2.json"
}
]
}

22
image.toolkit.fluxcd.io/all-oneOf.json Normal file
View File

@ -0,0 +1,22 @@
{
"oneOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/image.toolkit.fluxcd.io/imagepolicy_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/image.toolkit.fluxcd.io/imagepolicy_v1beta2.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/image.toolkit.fluxcd.io/imagerepository_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/image.toolkit.fluxcd.io/imagerepository_v1beta2.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/image.toolkit.fluxcd.io/imageupdateautomation_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/image.toolkit.fluxcd.io/imageupdateautomation_v1beta2.json"
}
]
}

187
image.toolkit.fluxcd.io/imagepolicy_v1beta1.json Normal file
View File

@ -0,0 +1,187 @@
{
"description": "ImagePolicy is the Schema for the imagepolicies API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "ImagePolicySpec defines the parameters for calculating the\nImagePolicy",
"properties": {
"filterTags": {
"description": "FilterTags enables filtering for only a subset of tags based on a set of\nrules. If no rules are provided, all the tags from the repository will be\nordered and compared.",
"properties": {
"extract": {
"description": "Extract allows a capture group to be extracted from the specified regular\nexpression pattern, useful before tag evaluation.",
"type": "string"
},
"pattern": {
"description": "Pattern specifies a regular expression pattern used to filter for image\ntags.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"imageRepositoryRef": {
"description": "ImageRepositoryRef points at the object specifying the image\nbeing scanned",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
},
"namespace": {
"description": "Namespace of the referent, when not specified it acts as LocalObjectReference.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"policy": {
"description": "Policy gives the particulars of the policy to be followed in\nselecting the most recent image",
"properties": {
"alphabetical": {
"description": "Alphabetical set of rules to use for alphabetical ordering of the tags.",
"properties": {
"order": {
"default": "asc",
"description": "Order specifies the sorting order of the tags. Given the letters of the\nalphabet as tags, ascending order would select Z, and descending order\nwould select A.",
"enum": [
"asc",
"desc"
],
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"numerical": {
"description": "Numerical set of rules to use for numerical ordering of the tags.",
"properties": {
"order": {
"default": "asc",
"description": "Order specifies the sorting order of the tags. Given the integer values\nfrom 0 to 9 as tags, ascending order would select 9, and descending order\nwould select 0.",
"enum": [
"asc",
"desc"
],
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"semver": {
"description": "SemVer gives a semantic version range to check against the tags\navailable.",
"properties": {
"range": {
"description": "Range gives a semver range for the image tag; the highest\nversion within the range that's a tag yields the latest image.",
"type": "string"
}
},
"required": [
"range"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"imageRepositoryRef",
"policy"
],
"type": "object",
"additionalProperties": false
},
"status": {
"default": {
"observedGeneration": -1
},
"description": "ImagePolicyStatus defines the observed state of ImagePolicy",
"properties": {
"conditions": {
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"latestImage": {
"description": "LatestImage gives the first in the list of images scanned by\nthe image repository, when filtered and ordered according to\nthe policy.",
"type": "string"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

191
image.toolkit.fluxcd.io/imagepolicy_v1beta2.json Normal file
View File

@ -0,0 +1,191 @@
{
"description": "ImagePolicy is the Schema for the imagepolicies API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "ImagePolicySpec defines the parameters for calculating the\nImagePolicy.",
"properties": {
"filterTags": {
"description": "FilterTags enables filtering for only a subset of tags based on a set of\nrules. If no rules are provided, all the tags from the repository will be\nordered and compared.",
"properties": {
"extract": {
"description": "Extract allows a capture group to be extracted from the specified regular\nexpression pattern, useful before tag evaluation.",
"type": "string"
},
"pattern": {
"description": "Pattern specifies a regular expression pattern used to filter for image\ntags.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"imageRepositoryRef": {
"description": "ImageRepositoryRef points at the object specifying the image\nbeing scanned",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
},
"namespace": {
"description": "Namespace of the referent, when not specified it acts as LocalObjectReference.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"policy": {
"description": "Policy gives the particulars of the policy to be followed in\nselecting the most recent image",
"properties": {
"alphabetical": {
"description": "Alphabetical set of rules to use for alphabetical ordering of the tags.",
"properties": {
"order": {
"default": "asc",
"description": "Order specifies the sorting order of the tags. Given the letters of the\nalphabet as tags, ascending order would select Z, and descending order\nwould select A.",
"enum": [
"asc",
"desc"
],
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"numerical": {
"description": "Numerical set of rules to use for numerical ordering of the tags.",
"properties": {
"order": {
"default": "asc",
"description": "Order specifies the sorting order of the tags. Given the integer values\nfrom 0 to 9 as tags, ascending order would select 9, and descending order\nwould select 0.",
"enum": [
"asc",
"desc"
],
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"semver": {
"description": "SemVer gives a semantic version range to check against the tags\navailable.",
"properties": {
"range": {
"description": "Range gives a semver range for the image tag; the highest\nversion within the range that's a tag yields the latest image.",
"type": "string"
}
},
"required": [
"range"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"imageRepositoryRef",
"policy"
],
"type": "object",
"additionalProperties": false
},
"status": {
"default": {
"observedGeneration": -1
},
"description": "ImagePolicyStatus defines the observed state of ImagePolicy",
"properties": {
"conditions": {
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"latestImage": {
"description": "LatestImage gives the first in the list of images scanned by\nthe image repository, when filtered and ordered according to\nthe policy.",
"type": "string"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"observedPreviousImage": {
"description": "ObservedPreviousImage is the observed previous LatestImage. It is used\nto keep track of the previous and current images.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

209
image.toolkit.fluxcd.io/imagerepository_v1beta1.json Normal file
View File

@ -0,0 +1,209 @@
{
"description": "ImageRepository is the Schema for the imagerepositories API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "ImageRepositorySpec defines the parameters for scanning an image\nrepository, e.g., `fluxcd/flux`.",
"properties": {
"accessFrom": {
"description": "AccessFrom defines an ACL for allowing cross-namespace references\nto the ImageRepository object based on the caller's namespace labels.",
"properties": {
"namespaceSelectors": {
"description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.",
"items": {
"description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.",
"properties": {
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"required": [
"namespaceSelectors"
],
"type": "object",
"additionalProperties": false
},
"certSecretRef": {
"description": "CertSecretRef can be given the name of a secret containing\neither or both of\n\n - a PEM-encoded client certificate (`certFile`) and private\n key (`keyFile`);\n - a PEM-encoded CA certificate (`caFile`)\n\n and whichever are supplied, will be used for connecting to the\n registry. The client cert and key are useful if you are\n authenticating with a certificate; the CA cert is useful if\n you are using a self-signed server certificate.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"exclusionList": {
"description": "ExclusionList is a list of regex strings used to exclude certain tags\nfrom being stored in the database.",
"items": {
"type": "string"
},
"type": "array"
},
"image": {
"description": "Image is the name of the image repository",
"type": "string"
},
"interval": {
"description": "Interval is the length of time to wait between\nscans of the image repository.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$",
"type": "string"
},
"secretRef": {
"description": "SecretRef can be given the name of a secret containing\ncredentials to use for the image registry. The secret should be\ncreated with `kubectl create secret docker-registry`, or the\nequivalent.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"serviceAccountName": {
"description": "ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate\nthe image pull if the service account has attached pull secrets.",
"maxLength": 253,
"type": "string"
},
"suspend": {
"description": "This flag tells the controller to suspend subsequent image scans.\nIt does not apply to already started scans. Defaults to false.",
"type": "boolean"
},
"timeout": {
"description": "Timeout for image scanning.\nDefaults to 'Interval' duration.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$",
"type": "string"
}
},
"required": [
"image",
"interval"
],
"type": "object",
"additionalProperties": false
},
"status": {
"default": {
"observedGeneration": -1
},
"description": "ImageRepositoryStatus defines the observed state of ImageRepository",
"properties": {
"canonicalImageName": {
"description": "CanonicalName is the name of the image repository with all the\nimplied bits made explicit; e.g., `docker.io/library/alpine`\nrather than `alpine`.",
"type": "string"
},
"conditions": {
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"lastHandledReconcileAt": {
"description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.",
"type": "string"
},
"lastScanResult": {
"description": "LastScanResult contains the number of fetched tags.",
"properties": {
"scanTime": {
"format": "date-time",
"type": "string"
},
"tagCount": {
"type": "integer"
}
},
"required": [
"tagCount"
],
"type": "object",
"additionalProperties": false
},
"observedGeneration": {
"description": "ObservedGeneration is the last reconciled generation.",
"format": "int64",
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

255
image.toolkit.fluxcd.io/imagerepository_v1beta2.json Normal file
View File

@ -0,0 +1,255 @@
{
"description": "ImageRepository is the Schema for the imagerepositories API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "ImageRepositorySpec defines the parameters for scanning an image\nrepository, e.g., `fluxcd/flux`.",
"properties": {
"accessFrom": {
"description": "AccessFrom defines an ACL for allowing cross-namespace references\nto the ImageRepository object based on the caller's namespace labels.",
"properties": {
"namespaceSelectors": {
"description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.",
"items": {
"description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.",
"properties": {
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"required": [
"namespaceSelectors"
],
"type": "object",
"additionalProperties": false
},
"certSecretRef": {
"description": "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand whichever are supplied, will be used for connecting to the\nregistry. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nNote: Support for the `caFile`, `certFile` and `keyFile` keys has\nbeen deprecated.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"exclusionList": {
"default": [
"^.*\\.sig$"
],
"description": "ExclusionList is a list of regex strings used to exclude certain tags\nfrom being stored in the database.",
"items": {
"type": "string"
},
"maxItems": 25,
"type": "array"
},
"image": {
"description": "Image is the name of the image repository",
"type": "string"
},
"insecure": {
"description": "Insecure allows connecting to a non-TLS HTTP container registry.",
"type": "boolean"
},
"interval": {
"description": "Interval is the length of time to wait between\nscans of the image repository.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$",
"type": "string"
},
"provider": {
"default": "generic",
"description": "The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.\nWhen not specified, defaults to 'generic'.",
"enum": [
"generic",
"aws",
"azure",
"gcp"
],
"type": "string"
},
"proxySecretRef": {
"description": "ProxySecretRef specifies the Secret containing the proxy configuration\nto use while communicating with the container registry.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"secretRef": {
"description": "SecretRef can be given the name of a secret containing\ncredentials to use for the image registry. The secret should be\ncreated with `kubectl create secret docker-registry`, or the\nequivalent.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"serviceAccountName": {
"description": "ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate\nthe image pull if the service account has attached pull secrets.",
"maxLength": 253,
"type": "string"
},
"suspend": {
"description": "This flag tells the controller to suspend subsequent image scans.\nIt does not apply to already started scans. Defaults to false.",
"type": "boolean"
},
"timeout": {
"description": "Timeout for image scanning.\nDefaults to 'Interval' duration.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$",
"type": "string"
}
},
"required": [
"image",
"interval"
],
"type": "object",
"additionalProperties": false
},
"status": {
"default": {
"observedGeneration": -1
},
"description": "ImageRepositoryStatus defines the observed state of ImageRepository",
"properties": {
"canonicalImageName": {
"description": "CanonicalName is the name of the image repository with all the\nimplied bits made explicit; e.g., `docker.io/library/alpine`\nrather than `alpine`.",
"type": "string"
},
"conditions": {
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"lastHandledReconcileAt": {
"description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.",
"type": "string"
},
"lastScanResult": {
"description": "LastScanResult contains the number of fetched tags.",
"properties": {
"latestTags": {
"items": {
"type": "string"
},
"type": "array"
},
"scanTime": {
"format": "date-time",
"type": "string"
},
"tagCount": {
"type": "integer"
}
},
"required": [
"tagCount"
],
"type": "object",
"additionalProperties": false
},
"observedExclusionList": {
"description": "ObservedExclusionList is a list of observed exclusion list. It reflects\nthe exclusion rules used for the observed scan result in\nspec.lastScanResult.",
"items": {
"type": "string"
},
"type": "array"
},
"observedGeneration": {
"description": "ObservedGeneration is the last reconciled generation.",
"format": "int64",
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

305
image.toolkit.fluxcd.io/imageupdateautomation_v1beta1.json Normal file
View File

@ -0,0 +1,305 @@
{
"description": "ImageUpdateAutomation is the Schema for the imageupdateautomations API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "ImageUpdateAutomationSpec defines the desired state of ImageUpdateAutomation",
"properties": {
"git": {
"description": "GitSpec contains all the git-specific definitions. This is\ntechnically optional, but in practice mandatory until there are\nother kinds of source allowed.",
"properties": {
"checkout": {
"description": "Checkout gives the parameters for cloning the git repository,\nready to make changes. If not present, the `spec.ref` field from the\nreferenced `GitRepository` or its default will be used.",
"properties": {
"ref": {
"description": "Reference gives a branch, tag or commit to clone from the Git\nrepository.",
"properties": {
"branch": {
"description": "Branch to check out, defaults to 'master' if no other field is defined.",
"type": "string"
},
"commit": {
"description": "Commit SHA to check out, takes precedence over all reference fields.\n\nThis can be combined with Branch to shallow clone the branch, in which\nthe commit is expected to exist.",
"type": "string"
},
"name": {
"description": "Name of the reference to check out; takes precedence over Branch, Tag and SemVer.\n\nIt must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description\nExamples: \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", \"refs/merge-requests/1/head\"",
"type": "string"
},
"semver": {
"description": "SemVer tag expression to check out, takes precedence over Tag.",
"type": "string"
},
"tag": {
"description": "Tag to check out, takes precedence over Branch.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"ref"
],
"type": "object",
"additionalProperties": false
},
"commit": {
"description": "Commit specifies how to commit to the git repository.",
"properties": {
"author": {
"description": "Author gives the email and optionally the name to use as the\nauthor of commits.",
"properties": {
"email": {
"description": "Email gives the email to provide when making a commit.",
"type": "string"
},
"name": {
"description": "Name gives the name to provide when making a commit.",
"type": "string"
}
},
"required": [
"email"
],
"type": "object",
"additionalProperties": false
},
"messageTemplate": {
"description": "MessageTemplate provides a template for the commit message,\ninto which will be interpolated the details of the change made.",
"type": "string"
},
"signingKey": {
"description": "SigningKey provides the option to sign commits with a GPG key",
"properties": {
"secretRef": {
"description": "SecretRef holds the name to a secret that contains a 'git.asc' key\ncorresponding to the ASCII Armored file containing the GPG signing\nkeypair as the value. It must be in the same namespace as the\nImageUpdateAutomation.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
}
},
"required": [
"secretRef"
],
"type": "object",
"additionalProperties": false
}
},
"required": [
"author"
],
"type": "object",
"additionalProperties": false
},
"push": {
"description": "Push specifies how and where to push commits made by the\nautomation. If missing, commits are pushed (back) to\n`.spec.checkout.branch` or its default.",
"properties": {
"branch": {
"description": "Branch specifies that commits should be pushed to the branch\nnamed. The branch is created using `.spec.checkout.branch` as the\nstarting point, if it doesn't already exist.",
"type": "string"
},
"options": {
"additionalProperties": {
"type": "string"
},
"description": "Options specifies the push options that are sent to the Git\nserver when performing a push operation. For details, see:\nhttps://git-scm.com/docs/git-push#Documentation/git-push.txt---push-optionltoptiongt",
"type": "object"
},
"refspec": {
"description": "Refspec specifies the Git Refspec to use for a push operation.\nIf both Branch and Refspec are provided, then the commit is pushed\nto the branch and also using the specified refspec.\nFor more details about Git Refspecs, see:\nhttps://git-scm.com/book/en/v2/Git-Internals-The-Refspec",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"commit"
],
"type": "object",
"additionalProperties": false
},
"interval": {
"description": "Interval gives an lower bound for how often the automation\nrun should be attempted.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$",
"type": "string"
},
"sourceRef": {
"description": "SourceRef refers to the resource giving access details\nto a git repository.",
"properties": {
"apiVersion": {
"description": "API version of the referent.",
"type": "string"
},
"kind": {
"default": "GitRepository",
"description": "Kind of the referent.",
"enum": [
"GitRepository"
],
"type": "string"
},
"name": {
"description": "Name of the referent.",
"type": "string"
},
"namespace": {
"description": "Namespace of the referent, defaults to the namespace of the Kubernetes resource object that contains the reference.",
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"suspend": {
"description": "Suspend tells the controller to not run this automation, until\nit is unset (or set to false). Defaults to false.",
"type": "boolean"
},
"update": {
"default": {
"strategy": "Setters"
},
"description": "Update gives the specification for how to update the files in\nthe repository. This can be left empty, to use the default\nvalue.",
"properties": {
"path": {
"description": "Path to the directory containing the manifests to be updated.\nDefaults to 'None', which translates to the root path\nof the GitRepositoryRef.",
"type": "string"
},
"strategy": {
"default": "Setters",
"description": "Strategy names the strategy to be used.",
"enum": [
"Setters"
],
"type": "string"
}
},
"required": [
"strategy"
],
"type": "object",
"additionalProperties": false
}
},
"required": [
"interval",
"sourceRef"
],
"type": "object",
"additionalProperties": false
},
"status": {
"default": {
"observedGeneration": -1
},
"description": "ImageUpdateAutomationStatus defines the observed state of ImageUpdateAutomation",
"properties": {
"conditions": {
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"lastAutomationRunTime": {
"description": "LastAutomationRunTime records the last time the controller ran\nthis automation through to completion (even if no updates were\nmade).",
"format": "date-time",
"type": "string"
},
"lastHandledReconcileAt": {
"description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.",
"type": "string"
},
"lastPushCommit": {
"description": "LastPushCommit records the SHA1 of the last commit made by the\ncontroller, for this automation object",
"type": "string"
},
"lastPushTime": {
"description": "LastPushTime records the time of the last pushed change.",
"format": "date-time",
"type": "string"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

379
image.toolkit.fluxcd.io/imageupdateautomation_v1beta2.json Normal file
View File

@ -0,0 +1,379 @@
{
"description": "ImageUpdateAutomation is the Schema for the imageupdateautomations API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "ImageUpdateAutomationSpec defines the desired state of ImageUpdateAutomation",
"properties": {
"git": {
"description": "GitSpec contains all the git-specific definitions. This is\ntechnically optional, but in practice mandatory until there are\nother kinds of source allowed.",
"properties": {
"checkout": {
"description": "Checkout gives the parameters for cloning the git repository,\nready to make changes. If not present, the `spec.ref` field from the\nreferenced `GitRepository` or its default will be used.",
"properties": {
"ref": {
"description": "Reference gives a branch, tag or commit to clone from the Git\nrepository.",
"properties": {
"branch": {
"description": "Branch to check out, defaults to 'master' if no other field is defined.",
"type": "string"
},
"commit": {
"description": "Commit SHA to check out, takes precedence over all reference fields.\n\nThis can be combined with Branch to shallow clone the branch, in which\nthe commit is expected to exist.",
"type": "string"
},
"name": {
"description": "Name of the reference to check out; takes precedence over Branch, Tag and SemVer.\n\nIt must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description\nExamples: \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", \"refs/merge-requests/1/head\"",
"type": "string"
},
"semver": {
"description": "SemVer tag expression to check out, takes precedence over Tag.",
"type": "string"
},
"tag": {
"description": "Tag to check out, takes precedence over Branch.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"ref"
],
"type": "object",
"additionalProperties": false
},
"commit": {
"description": "Commit specifies how to commit to the git repository.",
"properties": {
"author": {
"description": "Author gives the email and optionally the name to use as the\nauthor of commits.",
"properties": {
"email": {
"description": "Email gives the email to provide when making a commit.",
"type": "string"
},
"name": {
"description": "Name gives the name to provide when making a commit.",
"type": "string"
}
},
"required": [
"email"
],
"type": "object",
"additionalProperties": false
},
"messageTemplate": {
"description": "MessageTemplate provides a template for the commit message,\ninto which will be interpolated the details of the change made.",
"type": "string"
},
"signingKey": {
"description": "SigningKey provides the option to sign commits with a GPG key",
"properties": {
"secretRef": {
"description": "SecretRef holds the name to a secret that contains a 'git.asc' key\ncorresponding to the ASCII Armored file containing the GPG signing\nkeypair as the value. It must be in the same namespace as the\nImageUpdateAutomation.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
}
},
"required": [
"secretRef"
],
"type": "object",
"additionalProperties": false
}
},
"required": [
"author"
],
"type": "object",
"additionalProperties": false
},
"push": {
"description": "Push specifies how and where to push commits made by the\nautomation. If missing, commits are pushed (back) to\n`.spec.checkout.branch` or its default.",
"properties": {
"branch": {
"description": "Branch specifies that commits should be pushed to the branch\nnamed. The branch is created using `.spec.checkout.branch` as the\nstarting point, if it doesn't already exist.",
"type": "string"
},
"options": {
"additionalProperties": {
"type": "string"
},
"description": "Options specifies the push options that are sent to the Git\nserver when performing a push operation. For details, see:\nhttps://git-scm.com/docs/git-push#Documentation/git-push.txt---push-optionltoptiongt",
"type": "object"
},
"refspec": {
"description": "Refspec specifies the Git Refspec to use for a push operation.\nIf both Branch and Refspec are provided, then the commit is pushed\nto the branch and also using the specified refspec.\nFor more details about Git Refspecs, see:\nhttps://git-scm.com/book/en/v2/Git-Internals-The-Refspec",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"commit"
],
"type": "object",
"additionalProperties": false
},
"interval": {
"description": "Interval gives an lower bound for how often the automation\nrun should be attempted.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$",
"type": "string"
},
"policySelector": {
"description": "PolicySelector allows to filter applied policies based on labels.\nBy default includes all policies in namespace.",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"sourceRef": {
"description": "SourceRef refers to the resource giving access details\nto a git repository.",
"properties": {
"apiVersion": {
"description": "API version of the referent.",
"type": "string"
},
"kind": {
"default": "GitRepository",
"description": "Kind of the referent.",
"enum": [
"GitRepository"
],
"type": "string"
},
"name": {
"description": "Name of the referent.",
"type": "string"
},
"namespace": {
"description": "Namespace of the referent, defaults to the namespace of the Kubernetes resource object that contains the reference.",
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"suspend": {
"description": "Suspend tells the controller to not run this automation, until\nit is unset (or set to false). Defaults to false.",
"type": "boolean"
},
"update": {
"default": {
"strategy": "Setters"
},
"description": "Update gives the specification for how to update the files in\nthe repository. This can be left empty, to use the default\nvalue.",
"properties": {
"path": {
"description": "Path to the directory containing the manifests to be updated.\nDefaults to 'None', which translates to the root path\nof the GitRepositoryRef.",
"type": "string"
},
"strategy": {
"default": "Setters",
"description": "Strategy names the strategy to be used.",
"enum": [
"Setters"
],
"type": "string"
}
},
"required": [
"strategy"
],
"type": "object",
"additionalProperties": false
}
},
"required": [
"interval",
"sourceRef"
],
"type": "object",
"additionalProperties": false
},
"status": {
"default": {
"observedGeneration": -1
},
"description": "ImageUpdateAutomationStatus defines the observed state of ImageUpdateAutomation",
"properties": {
"conditions": {
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"lastAutomationRunTime": {
"description": "LastAutomationRunTime records the last time the controller ran\nthis automation through to completion (even if no updates were\nmade).",
"format": "date-time",
"type": "string"
},
"lastHandledReconcileAt": {
"description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.",
"type": "string"
},
"lastPushCommit": {
"description": "LastPushCommit records the SHA1 of the last commit made by the\ncontroller, for this automation object",
"type": "string"
},
"lastPushTime": {
"description": "LastPushTime records the time of the last pushed change.",
"format": "date-time",
"type": "string"
},
"observedGeneration": {
"format": "int64",
"type": "integer"
},
"observedPolicies": {
"additionalProperties": {
"description": "ImageRef represents an image reference.",
"properties": {
"name": {
"description": "Name is the bare image's name.",
"type": "string"
},
"tag": {
"description": "Tag is the image's tag.",
"type": "string"
}
},
"required": [
"name",
"tag"
],
"type": "object",
"additionalProperties": false
},
"description": "ObservedPolicies is the list of observed ImagePolicies that were\nconsidered by the ImageUpdateAutomation update process.",
"type": "object"
},
"observedSourceRevision": {
"description": "ObservedPolicies []ObservedPolicy `json:\"observedPolicies,omitempty\"`\nObservedSourceRevision is the last observed source revision. This can be\nused to determine if the source has been updated since last observation.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

31
k8up.io/all-anyOf.json Normal file
View File

@ -0,0 +1,31 @@
{
"anyOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/archive_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/backup_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/check_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/podconfig_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/prebackuppod_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/prune_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/restore_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/schedule_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/snapshot_v1.json"
}
]
}

31
k8up.io/all-oneOf.json Normal file
View File

@ -0,0 +1,31 @@
{
"oneOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/archive_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/backup_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/check_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/podconfig_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/prebackuppod_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/prune_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/restore_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/schedule_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/k8up.io/snapshot_v1.json"
}
]
}

1026
k8up.io/archive_v1.json Normal file
View File

File diff suppressed because it is too large Load Diff

893
k8up.io/backup_v1.json Normal file
View File

@ -0,0 +1,893 @@
{
"description": "Backup is the Schema for the backups API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "BackupSpec defines a single backup. It must contain all information to connect to\nthe backup repository when applied. If used with defaults or schedules the operator will\nensure that the defaults are applied before creating the object on the API.",
"properties": {
"activeDeadlineSeconds": {
"description": "ActiveDeadlineSeconds specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it.\nValue must be positive integer if given.",
"format": "int64",
"type": "integer"
},
"backend": {
"description": "Backend contains the restic repo where the job should backup to.",
"properties": {
"azure": {
"properties": {
"accountKeySecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"accountNameSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"container": {
"type": "string"
},
"path": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"b2": {
"properties": {
"accountIDSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"accountKeySecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"bucket": {
"type": "string"
},
"path": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"envFrom": {
"description": "EnvFrom adds all environment variables from a an external source to the Restic job.",
"items": {
"description": "EnvFromSource represents the source of a set of ConfigMaps",
"properties": {
"configMapRef": {
"description": "The ConfigMap to select from",
"properties": {
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the ConfigMap must be defined",
"type": "boolean"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"prefix": {
"description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.",
"type": "string"
},
"secretRef": {
"description": "The Secret to select from",
"properties": {
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret must be defined",
"type": "boolean"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"gcs": {
"properties": {
"accessTokenSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"bucket": {
"type": "string"
},
"projectIDSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"local": {
"properties": {
"mountPath": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"repoPasswordSecretRef": {
"description": "RepoPasswordSecretRef references a secret key to look up the restic repository password",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"rest": {
"properties": {
"passwordSecretReg": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"url": {
"type": "string"
},
"userSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"s3": {
"properties": {
"accessKeyIDSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"bucket": {
"type": "string"
},
"endpoint": {
"type": "string"
},
"secretAccessKeySecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"swift": {
"properties": {
"container": {
"type": "string"
},
"path": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"tlsOptions": {
"properties": {
"caCert": {
"type": "string"
},
"clientCert": {
"type": "string"
},
"clientKey": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"volumeMounts": {
"items": {
"description": "VolumeMount describes a mounting of a Volume within a container.",
"properties": {
"mountPath": {
"description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.",
"type": "string"
},
"mountPropagation": {
"description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.",
"type": "string"
},
"name": {
"description": "This must match the Name of a Volume.",
"type": "string"
},
"readOnly": {
"description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.",
"type": "boolean"
},
"subPath": {
"description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).",
"type": "string"
},
"subPathExpr": {
"description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.",
"type": "string"
}
},
"required": [
"mountPath",
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"failedJobsHistoryLimit": {
"description": "FailedJobsHistoryLimit amount of failed jobs to keep for later analysis.\nKeepJobs is used property is not specified.",
"type": "integer"
},
"keepJobs": {
"description": "KeepJobs amount of jobs to keep for later analysis.\n\n\nDeprecated: Use FailedJobsHistoryLimit and SuccessfulJobsHistoryLimit respectively.",
"type": "integer"
},
"podConfigRef": {
"description": "PodConfigRef describes the pod spec with wich this action shall be executed.\nIt takes precedence over the Resources or PodSecurityContext field.\nIt does not allow changing the image or the command of the resulting pod.\nThis is for advanced use-cases only. Please only set this if you know what you're doing.",
"properties": {
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"podSecurityContext": {
"description": "PodSecurityContext describes the security context with which this action shall be executed.",
"properties": {
"fsGroup": {
"description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.",
"format": "int64",
"type": "integer"
},
"fsGroupChangePolicy": {
"description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.",
"type": "string"
},
"runAsGroup": {
"description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.",
"format": "int64",
"type": "integer"
},
"runAsNonRoot": {
"description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.",
"type": "boolean"
},
"runAsUser": {
"description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.",
"format": "int64",
"type": "integer"
},
"seLinuxOptions": {
"description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.",
"properties": {
"level": {
"description": "Level is SELinux level label that applies to the container.",
"type": "string"
},
"role": {
"description": "Role is a SELinux role label that applies to the container.",
"type": "string"
},
"type": {
"description": "Type is a SELinux type label that applies to the container.",
"type": "string"
},
"user": {
"description": "User is a SELinux user label that applies to the container.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"seccompProfile": {
"description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.",
"properties": {
"localhostProfile": {
"description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.",
"type": "string"
},
"type": {
"description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.",
"type": "string"
}
},
"required": [
"type"
],
"type": "object",
"additionalProperties": false
},
"supplementalGroups": {
"description": "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows.",
"items": {
"format": "int64",
"type": "integer"
},
"type": "array"
},
"sysctls": {
"description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.",
"items": {
"description": "Sysctl defines a kernel parameter to be set",
"properties": {
"name": {
"description": "Name of a property to set",
"type": "string"
},
"value": {
"description": "Value of a property to set",
"type": "string"
}
},
"required": [
"name",
"value"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"windowsOptions": {
"description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.",
"properties": {
"gmsaCredentialSpec": {
"description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.",
"type": "string"
},
"gmsaCredentialSpecName": {
"description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.",
"type": "string"
},
"hostProcess": {
"description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.",
"type": "boolean"
},
"runAsUserName": {
"description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"promURL": {
"description": "PromURL sets a prometheus push URL where the backup container send metrics to",
"type": "string"
},
"resources": {
"description": "Resources describes the compute resource requirements (cpu, memory, etc.)",
"properties": {
"claims": {
"description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.",
"items": {
"description": "ResourceClaim references one entry in PodSpec.ResourceClaims.",
"properties": {
"name": {
"description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array",
"x-kubernetes-list-map-keys": [
"name"
],
"x-kubernetes-list-type": "map"
},
"limits": {
"additionalProperties": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/",
"type": "object"
},
"requests": {
"additionalProperties": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/",
"type": "object"
}
},
"type": "object",
"additionalProperties": false
},
"statsURL": {
"description": "StatsURL sets an arbitrary URL where the restic container posts metrics and\ninformation about the snapshots to. This is in addition to the prometheus\npushgateway.",
"type": "string"
},
"successfulJobsHistoryLimit": {
"description": "SuccessfulJobsHistoryLimit amount of successful jobs to keep for later analysis.\nKeepJobs is used property is not specified.",
"type": "integer"
},
"tags": {
"description": "Tags is a list of arbitrary tags that get added to the backup via Restic's tagging system",
"items": {
"type": "string"
},
"type": "array"
},
"volumes": {
"description": "Volumes List of volumes that can be mounted by containers belonging to the pod.",
"items": {
"properties": {
"configMap": {
"description": "configMap represents a configMap that should populate this volume",
"properties": {
"defaultMode": {
"description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.",
"format": "int32",
"type": "integer"
},
"items": {
"description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.",
"items": {
"description": "Maps a string key to a path within a volume.",
"properties": {
"key": {
"description": "key is the key to project.",
"type": "string"
},
"mode": {
"description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.",
"format": "int32",
"type": "integer"
},
"path": {
"description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.",
"type": "string"
}
},
"required": [
"key",
"path"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "optional specify whether the ConfigMap or its keys must be defined",
"type": "boolean"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"name": {
"description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
"type": "string"
},
"persistentVolumeClaim": {
"description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims",
"properties": {
"claimName": {
"description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims",
"type": "string"
},
"readOnly": {
"description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.",
"type": "boolean"
}
},
"required": [
"claimName"
],
"type": "object",
"additionalProperties": false
},
"secret": {
"description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret",
"properties": {
"defaultMode": {
"description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.",
"format": "int32",
"type": "integer"
},
"items": {
"description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.",
"items": {
"description": "Maps a string key to a path within a volume.",
"properties": {
"key": {
"description": "key is the key to project.",
"type": "string"
},
"mode": {
"description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.",
"format": "int32",
"type": "integer"
},
"path": {
"description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.",
"type": "string"
}
},
"required": [
"key",
"path"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"optional": {
"description": "optional field specify whether the Secret or its keys must be defined",
"type": "boolean"
},
"secretName": {
"description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"status": {
"description": "Status defines the observed state of a generic K8up job. It is used for the\noperator to determine what to do.",
"properties": {
"conditions": {
"description": "Conditions provide a standard mechanism for higher-level status reporting from a controller.\nThey are an extension mechanism which allows tools and other controllers to collect summary information about\nresources without needing to understand resource-specific status details.",
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"exclusive": {
"type": "boolean"
},
"finished": {
"type": "boolean"
},
"started": {
"type": "boolean"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

882
k8up.io/check_v1.json Normal file
View File

@ -0,0 +1,882 @@
{
"description": "Check is the Schema for the checks API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "CheckSpec defines the desired state of Check. It needs to contain the repository\ninformation.",
"properties": {
"activeDeadlineSeconds": {
"description": "ActiveDeadlineSeconds specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it.\nValue must be positive integer if given.",
"format": "int64",
"type": "integer"
},
"backend": {
"description": "Backend contains the restic repo where the job should backup to.",
"properties": {
"azure": {
"properties": {
"accountKeySecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"accountNameSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"container": {
"type": "string"
},
"path": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"b2": {
"properties": {
"accountIDSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"accountKeySecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"bucket": {
"type": "string"
},
"path": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"envFrom": {
"description": "EnvFrom adds all environment variables from a an external source to the Restic job.",
"items": {
"description": "EnvFromSource represents the source of a set of ConfigMaps",
"properties": {
"configMapRef": {
"description": "The ConfigMap to select from",
"properties": {
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the ConfigMap must be defined",
"type": "boolean"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"prefix": {
"description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.",
"type": "string"
},
"secretRef": {
"description": "The Secret to select from",
"properties": {
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret must be defined",
"type": "boolean"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"gcs": {
"properties": {
"accessTokenSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"bucket": {
"type": "string"
},
"projectIDSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"local": {
"properties": {
"mountPath": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"repoPasswordSecretRef": {
"description": "RepoPasswordSecretRef references a secret key to look up the restic repository password",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"rest": {
"properties": {
"passwordSecretReg": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"url": {
"type": "string"
},
"userSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"s3": {
"properties": {
"accessKeyIDSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"bucket": {
"type": "string"
},
"endpoint": {
"type": "string"
},
"secretAccessKeySecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"swift": {
"properties": {
"container": {
"type": "string"
},
"path": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"tlsOptions": {
"properties": {
"caCert": {
"type": "string"
},
"clientCert": {
"type": "string"
},
"clientKey": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"volumeMounts": {
"items": {
"description": "VolumeMount describes a mounting of a Volume within a container.",
"properties": {
"mountPath": {
"description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.",
"type": "string"
},
"mountPropagation": {
"description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.",
"type": "string"
},
"name": {
"description": "This must match the Name of a Volume.",
"type": "string"
},
"readOnly": {
"description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.",
"type": "boolean"
},
"subPath": {
"description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).",
"type": "string"
},
"subPathExpr": {
"description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.",
"type": "string"
}
},
"required": [
"mountPath",
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"failedJobsHistoryLimit": {
"description": "FailedJobsHistoryLimit amount of failed jobs to keep for later analysis.\nKeepJobs is used property is not specified.",
"type": "integer"
},
"keepJobs": {
"description": "KeepJobs amount of jobs to keep for later analysis.\n\n\nDeprecated: Use FailedJobsHistoryLimit and SuccessfulJobsHistoryLimit respectively.",
"type": "integer"
},
"podConfigRef": {
"description": "PodConfigRef describes the pod spec with wich this action shall be executed.\nIt takes precedence over the Resources or PodSecurityContext field.\nIt does not allow changing the image or the command of the resulting pod.\nThis is for advanced use-cases only. Please only set this if you know what you're doing.",
"properties": {
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"podSecurityContext": {
"description": "PodSecurityContext describes the security context with which this action shall be executed.",
"properties": {
"fsGroup": {
"description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.",
"format": "int64",
"type": "integer"
},
"fsGroupChangePolicy": {
"description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.",
"type": "string"
},
"runAsGroup": {
"description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.",
"format": "int64",
"type": "integer"
},
"runAsNonRoot": {
"description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.",
"type": "boolean"
},
"runAsUser": {
"description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.",
"format": "int64",
"type": "integer"
},
"seLinuxOptions": {
"description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.",
"properties": {
"level": {
"description": "Level is SELinux level label that applies to the container.",
"type": "string"
},
"role": {
"description": "Role is a SELinux role label that applies to the container.",
"type": "string"
},
"type": {
"description": "Type is a SELinux type label that applies to the container.",
"type": "string"
},
"user": {
"description": "User is a SELinux user label that applies to the container.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"seccompProfile": {
"description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.",
"properties": {
"localhostProfile": {
"description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.",
"type": "string"
},
"type": {
"description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.",
"type": "string"
}
},
"required": [
"type"
],
"type": "object",
"additionalProperties": false
},
"supplementalGroups": {
"description": "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows.",
"items": {
"format": "int64",
"type": "integer"
},
"type": "array"
},
"sysctls": {
"description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.",
"items": {
"description": "Sysctl defines a kernel parameter to be set",
"properties": {
"name": {
"description": "Name of a property to set",
"type": "string"
},
"value": {
"description": "Value of a property to set",
"type": "string"
}
},
"required": [
"name",
"value"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"windowsOptions": {
"description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.",
"properties": {
"gmsaCredentialSpec": {
"description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.",
"type": "string"
},
"gmsaCredentialSpecName": {
"description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.",
"type": "string"
},
"hostProcess": {
"description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.",
"type": "boolean"
},
"runAsUserName": {
"description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"promURL": {
"description": "PromURL sets a prometheus push URL where the backup container send metrics to",
"type": "string"
},
"resources": {
"description": "Resources describes the compute resource requirements (cpu, memory, etc.)",
"properties": {
"claims": {
"description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.",
"items": {
"description": "ResourceClaim references one entry in PodSpec.ResourceClaims.",
"properties": {
"name": {
"description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array",
"x-kubernetes-list-map-keys": [
"name"
],
"x-kubernetes-list-type": "map"
},
"limits": {
"additionalProperties": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/",
"type": "object"
},
"requests": {
"additionalProperties": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/",
"type": "object"
}
},
"type": "object",
"additionalProperties": false
},
"successfulJobsHistoryLimit": {
"description": "SuccessfulJobsHistoryLimit amount of successful jobs to keep for later analysis.\nKeepJobs is used property is not specified.",
"type": "integer"
},
"volumes": {
"description": "Volumes List of volumes that can be mounted by containers belonging to the pod.",
"items": {
"properties": {
"configMap": {
"description": "configMap represents a configMap that should populate this volume",
"properties": {
"defaultMode": {
"description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.",
"format": "int32",
"type": "integer"
},
"items": {
"description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.",
"items": {
"description": "Maps a string key to a path within a volume.",
"properties": {
"key": {
"description": "key is the key to project.",
"type": "string"
},
"mode": {
"description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.",
"format": "int32",
"type": "integer"
},
"path": {
"description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.",
"type": "string"
}
},
"required": [
"key",
"path"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "optional specify whether the ConfigMap or its keys must be defined",
"type": "boolean"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"name": {
"description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
"type": "string"
},
"persistentVolumeClaim": {
"description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims",
"properties": {
"claimName": {
"description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims",
"type": "string"
},
"readOnly": {
"description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.",
"type": "boolean"
}
},
"required": [
"claimName"
],
"type": "object",
"additionalProperties": false
},
"secret": {
"description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret",
"properties": {
"defaultMode": {
"description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.",
"format": "int32",
"type": "integer"
},
"items": {
"description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.",
"items": {
"description": "Maps a string key to a path within a volume.",
"properties": {
"key": {
"description": "key is the key to project.",
"type": "string"
},
"mode": {
"description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.",
"format": "int32",
"type": "integer"
},
"path": {
"description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.",
"type": "string"
}
},
"required": [
"key",
"path"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"optional": {
"description": "optional field specify whether the Secret or its keys must be defined",
"type": "boolean"
},
"secretName": {
"description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"status": {
"description": "Status defines the observed state of a generic K8up job. It is used for the\noperator to determine what to do.",
"properties": {
"conditions": {
"description": "Conditions provide a standard mechanism for higher-level status reporting from a controller.\nThey are an extension mechanism which allows tools and other controllers to collect summary information about\nresources without needing to understand resource-specific status details.",
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"exclusive": {
"type": "boolean"
},
"finished": {
"type": "boolean"
},
"started": {
"type": "boolean"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

6563
k8up.io/podconfig_v1.json Normal file
View File

File diff suppressed because it is too large Load Diff

6566
k8up.io/prebackuppod_v1.json Normal file
View File

File diff suppressed because it is too large Load Diff

923
k8up.io/prune_v1.json Normal file
View File

@ -0,0 +1,923 @@
{
"description": "Prune is the Schema for the prunes API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "PruneSpec needs to contain the repository information as well as the desired\nretention policies.",
"properties": {
"activeDeadlineSeconds": {
"description": "ActiveDeadlineSeconds specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it.\nValue must be positive integer if given.",
"format": "int64",
"type": "integer"
},
"backend": {
"description": "Backend contains the restic repo where the job should backup to.",
"properties": {
"azure": {
"properties": {
"accountKeySecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"accountNameSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"container": {
"type": "string"
},
"path": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"b2": {
"properties": {
"accountIDSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"accountKeySecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"bucket": {
"type": "string"
},
"path": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"envFrom": {
"description": "EnvFrom adds all environment variables from a an external source to the Restic job.",
"items": {
"description": "EnvFromSource represents the source of a set of ConfigMaps",
"properties": {
"configMapRef": {
"description": "The ConfigMap to select from",
"properties": {
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the ConfigMap must be defined",
"type": "boolean"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"prefix": {
"description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.",
"type": "string"
},
"secretRef": {
"description": "The Secret to select from",
"properties": {
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret must be defined",
"type": "boolean"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"gcs": {
"properties": {
"accessTokenSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"bucket": {
"type": "string"
},
"projectIDSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"local": {
"properties": {
"mountPath": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"repoPasswordSecretRef": {
"description": "RepoPasswordSecretRef references a secret key to look up the restic repository password",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"rest": {
"properties": {
"passwordSecretReg": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"url": {
"type": "string"
},
"userSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"s3": {
"properties": {
"accessKeyIDSecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"bucket": {
"type": "string"
},
"endpoint": {
"type": "string"
},
"secretAccessKeySecretRef": {
"description": "SecretKeySelector selects a key of a Secret.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"swift": {
"properties": {
"container": {
"type": "string"
},
"path": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"tlsOptions": {
"properties": {
"caCert": {
"type": "string"
},
"clientCert": {
"type": "string"
},
"clientKey": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"volumeMounts": {
"items": {
"description": "VolumeMount describes a mounting of a Volume within a container.",
"properties": {
"mountPath": {
"description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.",
"type": "string"
},
"mountPropagation": {
"description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.",
"type": "string"
},
"name": {
"description": "This must match the Name of a Volume.",
"type": "string"
},
"readOnly": {
"description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.",
"type": "boolean"
},
"subPath": {
"description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).",
"type": "string"
},
"subPathExpr": {
"description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.",
"type": "string"
}
},
"required": [
"mountPath",
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"failedJobsHistoryLimit": {
"description": "FailedJobsHistoryLimit amount of failed jobs to keep for later analysis.\nKeepJobs is used property is not specified.",
"type": "integer"
},
"keepJobs": {
"description": "KeepJobs amount of jobs to keep for later analysis.\n\n\nDeprecated: Use FailedJobsHistoryLimit and SuccessfulJobsHistoryLimit respectively.",
"type": "integer"
},
"podConfigRef": {
"description": "PodConfigRef describes the pod spec with wich this action shall be executed.\nIt takes precedence over the Resources or PodSecurityContext field.\nIt does not allow changing the image or the command of the resulting pod.\nThis is for advanced use-cases only. Please only set this if you know what you're doing.",
"properties": {
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"podSecurityContext": {
"description": "PodSecurityContext describes the security context with which this action shall be executed.",
"properties": {
"fsGroup": {
"description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.",
"format": "int64",
"type": "integer"
},
"fsGroupChangePolicy": {
"description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.",
"type": "string"
},
"runAsGroup": {
"description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.",
"format": "int64",
"type": "integer"
},
"runAsNonRoot": {
"description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.",
"type": "boolean"
},
"runAsUser": {
"description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.",
"format": "int64",
"type": "integer"
},
"seLinuxOptions": {
"description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.",
"properties": {
"level": {
"description": "Level is SELinux level label that applies to the container.",
"type": "string"
},
"role": {
"description": "Role is a SELinux role label that applies to the container.",
"type": "string"
},
"type": {
"description": "Type is a SELinux type label that applies to the container.",
"type": "string"
},
"user": {
"description": "User is a SELinux user label that applies to the container.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"seccompProfile": {
"description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.",
"properties": {
"localhostProfile": {
"description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.",
"type": "string"
},
"type": {
"description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.",
"type": "string"
}
},
"required": [
"type"
],
"type": "object",
"additionalProperties": false
},
"supplementalGroups": {
"description": "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows.",
"items": {
"format": "int64",
"type": "integer"
},
"type": "array"
},
"sysctls": {
"description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.",
"items": {
"description": "Sysctl defines a kernel parameter to be set",
"properties": {
"name": {
"description": "Name of a property to set",
"type": "string"
},
"value": {
"description": "Value of a property to set",
"type": "string"
}
},
"required": [
"name",
"value"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"windowsOptions": {
"description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.",
"properties": {
"gmsaCredentialSpec": {
"description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.",
"type": "string"
},
"gmsaCredentialSpecName": {
"description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.",
"type": "string"
},
"hostProcess": {
"description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.",
"type": "boolean"
},
"runAsUserName": {
"description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"resources": {
"description": "Resources describes the compute resource requirements (cpu, memory, etc.)",
"properties": {
"claims": {
"description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.",
"items": {
"description": "ResourceClaim references one entry in PodSpec.ResourceClaims.",
"properties": {
"name": {
"description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array",
"x-kubernetes-list-map-keys": [
"name"
],
"x-kubernetes-list-type": "map"
},
"limits": {
"additionalProperties": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/",
"type": "object"
},
"requests": {
"additionalProperties": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
"x-kubernetes-int-or-string": true
},
"description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/",
"type": "object"
}
},
"type": "object",
"additionalProperties": false
},
"retention": {
"description": "Retention sets how many backups should be kept after a forget and prune",
"properties": {
"hostnames": {
"description": "Hostnames is a filter on what hostnames the policy should be applied",
"items": {
"type": "string"
},
"type": "array"
},
"keepDaily": {
"type": "integer"
},
"keepHourly": {
"type": "integer"
},
"keepLast": {
"type": "integer"
},
"keepMonthly": {
"type": "integer"
},
"keepTags": {
"items": {
"type": "string"
},
"type": "array"
},
"keepWeekly": {
"type": "integer"
},
"keepYearly": {
"type": "integer"
},
"tags": {
"description": "Tags is a filter on what tags the policy should be applied\nDO NOT CONFUSE THIS WITH KeepTags OR YOU'LL have a bad time",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"successfulJobsHistoryLimit": {
"description": "SuccessfulJobsHistoryLimit amount of successful jobs to keep for later analysis.\nKeepJobs is used property is not specified.",
"type": "integer"
},
"volumes": {
"description": "Volumes List of volumes that can be mounted by containers belonging to the pod.",
"items": {
"properties": {
"configMap": {
"description": "configMap represents a configMap that should populate this volume",
"properties": {
"defaultMode": {
"description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.",
"format": "int32",
"type": "integer"
},
"items": {
"description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.",
"items": {
"description": "Maps a string key to a path within a volume.",
"properties": {
"key": {
"description": "key is the key to project.",
"type": "string"
},
"mode": {
"description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.",
"format": "int32",
"type": "integer"
},
"path": {
"description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.",
"type": "string"
}
},
"required": [
"key",
"path"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"name": {
"description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "optional specify whether the ConfigMap or its keys must be defined",
"type": "boolean"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"name": {
"description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
"type": "string"
},
"persistentVolumeClaim": {
"description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims",
"properties": {
"claimName": {
"description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims",
"type": "string"
},
"readOnly": {
"description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.",
"type": "boolean"
}
},
"required": [
"claimName"
],
"type": "object",
"additionalProperties": false
},
"secret": {
"description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret",
"properties": {
"defaultMode": {
"description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.",
"format": "int32",
"type": "integer"
},
"items": {
"description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.",
"items": {
"description": "Maps a string key to a path within a volume.",
"properties": {
"key": {
"description": "key is the key to project.",
"type": "string"
},
"mode": {
"description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.",
"format": "int32",
"type": "integer"
},
"path": {
"description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.",
"type": "string"
}
},
"required": [
"key",
"path"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"optional": {
"description": "optional field specify whether the Secret or its keys must be defined",
"type": "boolean"
},
"secretName": {
"description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"status": {
"description": "Status defines the observed state of a generic K8up job. It is used for the\noperator to determine what to do.",
"properties": {
"conditions": {
"description": "Conditions provide a standard mechanism for higher-level status reporting from a controller.\nThey are an extension mechanism which allows tools and other controllers to collect summary information about\nresources without needing to understand resource-specific status details.",
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"exclusive": {
"type": "boolean"
},
"finished": {
"type": "boolean"
},
"started": {
"type": "boolean"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

1026
k8up.io/restore_v1.json Normal file
View File

File diff suppressed because it is too large Load Diff

5090
k8up.io/schedule_v1.json Normal file
View File

File diff suppressed because it is too large Load Diff

44
k8up.io/snapshot_v1.json Normal file
View File

@ -0,0 +1,44 @@
{
"description": "Snapshot is the Schema for the snapshots API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "SnapshotSpec contains all information needed about a restic snapshot so it\ncan be restored.",
"properties": {
"date": {
"format": "date-time",
"type": "string"
},
"id": {
"type": "string"
},
"paths": {
"items": {
"type": "string"
},
"type": "array"
},
"repository": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"status": {
"description": "SnapshotStatus defines the observed state of Snapshot",
"type": "object"
}
},
"type": "object"
}

13
kustomize.toolkit.fluxcd.io/all-anyOf.json Normal file
View File

@ -0,0 +1,13 @@
{
"anyOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/kustomize.toolkit.fluxcd.io/kustomization_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/kustomize.toolkit.fluxcd.io/kustomization_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/kustomize.toolkit.fluxcd.io/kustomization_v1beta2.json"
}
]
}

13
kustomize.toolkit.fluxcd.io/all-oneOf.json Normal file
View File

@ -0,0 +1,13 @@
{
"oneOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/kustomize.toolkit.fluxcd.io/kustomization_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/kustomize.toolkit.fluxcd.io/kustomization_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/kustomize.toolkit.fluxcd.io/kustomization_v1beta2.json"
}
]
}

505
kustomize.toolkit.fluxcd.io/kustomization_v1.json Normal file
View File

@ -0,0 +1,505 @@
{
"description": "Kustomization is the Schema for the kustomizations API.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "KustomizationSpec defines the configuration to calculate the desired state\nfrom a Source using Kustomize.",
"properties": {
"commonMetadata": {
"description": "CommonMetadata specifies the common labels and annotations that are\napplied to all resources. Any existing label or annotation will be\noverridden if its key matches a common one.",
"properties": {
"annotations": {
"additionalProperties": {
"type": "string"
},
"description": "Annotations to be added to the object's metadata.",
"type": "object"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "Labels to be added to the object's metadata.",
"type": "object"
}
},
"type": "object",
"additionalProperties": false
},
"components": {
"description": "Components specifies relative paths to specifications of other Components.",
"items": {
"type": "string"
},
"type": "array"
},
"decryption": {
"description": "Decrypt Kubernetes secrets before applying them on the cluster.",
"properties": {
"provider": {
"description": "Provider is the name of the decryption engine.",
"enum": [
"sops"
],
"type": "string"
},
"secretRef": {
"description": "The secret name containing the private OpenPGP keys used for decryption.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
}
},
"required": [
"provider"
],
"type": "object",
"additionalProperties": false
},
"dependsOn": {
"description": "DependsOn may contain a meta.NamespacedObjectReference slice\nwith references to Kustomization resources that must be ready before this\nKustomization can be reconciled.",
"items": {
"description": "NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any\nnamespace.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
},
"namespace": {
"description": "Namespace of the referent, when not specified it acts as LocalObjectReference.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"force": {
"default": false,
"description": "Force instructs the controller to recreate resources\nwhen patching fails due to an immutable field change.",
"type": "boolean"
},
"healthChecks": {
"description": "A list of resources to be included in the health assessment.",
"items": {
"description": "NamespacedObjectKindReference contains enough information to locate the typed referenced Kubernetes resource object\nin any namespace.",
"properties": {
"apiVersion": {
"description": "API version of the referent, if not specified the Kubernetes preferred version will be used.",
"type": "string"
},
"kind": {
"description": "Kind of the referent.",
"type": "string"
},
"name": {
"description": "Name of the referent.",
"type": "string"
},
"namespace": {
"description": "Namespace of the referent, when not specified it acts as LocalObjectReference.",
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"images": {
"description": "Images is a list of (image name, new name, new tag or digest)\nfor changing image names, tags or digests. This can also be achieved with a\npatch, but this operator is simpler to specify.",
"items": {
"description": "Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag.",
"properties": {
"digest": {
"description": "Digest is the value used to replace the original image tag.\nIf digest is present NewTag value is ignored.",
"type": "string"
},
"name": {
"description": "Name is a tag-less image name.",
"type": "string"
},
"newName": {
"description": "NewName is the value used to replace the original name.",
"type": "string"
},
"newTag": {
"description": "NewTag is the value used to replace the original tag.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"interval": {
"description": "The interval at which to reconcile the Kustomization.\nThis interval is approximate and may be subject to jitter to ensure\nefficient use of resources.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$",
"type": "string"
},
"kubeConfig": {
"description": "The KubeConfig for reconciling the Kustomization on a remote cluster.\nWhen used in combination with KustomizationSpec.ServiceAccountName,\nforces the controller to act on behalf of that Service Account at the\ntarget cluster.\nIf the --default-service-account flag is set, its value will be used as\na controller level fallback for when KustomizationSpec.ServiceAccountName\nis empty.",
"properties": {
"secretRef": {
"description": "SecretRef holds the name of a secret that contains a key with\nthe kubeconfig file as the value. If no key is set, the key will default\nto 'value'.\nIt is recommended that the kubeconfig is self-contained, and the secret\nis regularly updated if credentials such as a cloud-access-token expire.\nCloud specific `cmd-path` auth helpers will not function without adding\nbinaries and credentials to the Pod that is responsible for reconciling\nKubernetes resources.",
"properties": {
"key": {
"description": "Key in the Secret, when not specified an implementation-specific default key is used.",
"type": "string"
},
"name": {
"description": "Name of the Secret.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
}
},
"required": [
"secretRef"
],
"type": "object",
"additionalProperties": false
},
"namePrefix": {
"description": "NamePrefix will prefix the names of all managed resources.",
"maxLength": 200,
"minLength": 1,
"type": "string"
},
"nameSuffix": {
"description": "NameSuffix will suffix the names of all managed resources.",
"maxLength": 200,
"minLength": 1,
"type": "string"
},
"patches": {
"description": "Strategic merge and JSON patches, defined as inline YAML objects,\ncapable of targeting objects based on kind, label and annotation selectors.",
"items": {
"description": "Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should\nbe applied to.",
"properties": {
"patch": {
"description": "Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with\nan array of operation objects.",
"type": "string"
},
"target": {
"description": "Target points to the resources that the patch document should be applied to.",
"properties": {
"annotationSelector": {
"description": "AnnotationSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource annotations.",
"type": "string"
},
"group": {
"description": "Group is the API group to select resources from.\nTogether with Version and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md",
"type": "string"
},
"kind": {
"description": "Kind of the API Group to select resources from.\nTogether with Group and Version it is capable of unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md",
"type": "string"
},
"labelSelector": {
"description": "LabelSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource labels.",
"type": "string"
},
"name": {
"description": "Name to match resources with.",
"type": "string"
},
"namespace": {
"description": "Namespace to select resources from.",
"type": "string"
},
"version": {
"description": "Version of the API Group to select resources from.\nTogether with Group and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"patch"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"path": {
"description": "Path to the directory containing the kustomization.yaml file, or the\nset of plain YAMLs a kustomization.yaml should be generated for.\nDefaults to 'None', which translates to the root path of the SourceRef.",
"type": "string"
},
"postBuild": {
"description": "PostBuild describes which actions to perform on the YAML manifest\ngenerated by building the kustomize overlay.",
"properties": {
"substitute": {
"additionalProperties": {
"type": "string"
},
"description": "Substitute holds a map of key/value pairs.\nThe variables defined in your YAML manifests that match any of the keys\ndefined in the map will be substituted with the set value.\nIncludes support for bash string replacement functions\ne.g. ${var:=default}, ${var:position} and ${var/substring/replacement}.",
"type": "object"
},
"substituteFrom": {
"description": "SubstituteFrom holds references to ConfigMaps and Secrets containing\nthe variables and their values to be substituted in the YAML manifests.\nThe ConfigMap and the Secret data keys represent the var names, and they\nmust match the vars declared in the manifests for the substitution to\nhappen.",
"items": {
"description": "SubstituteReference contains a reference to a resource containing\nthe variables name and value.",
"properties": {
"kind": {
"description": "Kind of the values referent, valid values are ('Secret', 'ConfigMap').",
"enum": [
"Secret",
"ConfigMap"
],
"type": "string"
},
"name": {
"description": "Name of the values referent. Should reside in the same namespace as the\nreferring resource.",
"maxLength": 253,
"minLength": 1,
"type": "string"
},
"optional": {
"default": false,
"description": "Optional indicates whether the referenced resource must exist, or whether to\ntolerate its absence. If true and the referenced resource is absent, proceed\nas if the resource was present but empty, without any variables defined.",
"type": "boolean"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"prune": {
"description": "Prune enables garbage collection.",
"type": "boolean"
},
"retryInterval": {
"description": "The interval at which to retry a previously failed reconciliation.\nWhen not specified, the controller uses the KustomizationSpec.Interval\nvalue to retry failures.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$",
"type": "string"
},
"serviceAccountName": {
"description": "The name of the Kubernetes service account to impersonate\nwhen reconciling this Kustomization.",
"type": "string"
},
"sourceRef": {
"description": "Reference of the source where the kustomization file is.",
"properties": {
"apiVersion": {
"description": "API version of the referent.",
"type": "string"
},
"kind": {
"description": "Kind of the referent.",
"enum": [
"OCIRepository",
"GitRepository",
"Bucket"
],
"type": "string"
},
"name": {
"description": "Name of the referent.",
"type": "string"
},
"namespace": {
"description": "Namespace of the referent, defaults to the namespace of the Kubernetes\nresource object that contains the reference.",
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"suspend": {
"description": "This flag tells the controller to suspend subsequent kustomize executions,\nit does not apply to already started executions. Defaults to false.",
"type": "boolean"
},
"targetNamespace": {
"description": "TargetNamespace sets or overrides the namespace in the\nkustomization.yaml file.",
"maxLength": 63,
"minLength": 1,
"type": "string"
},
"timeout": {
"description": "Timeout for validation, apply and health checking operations.\nDefaults to 'Interval' duration.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$",
"type": "string"
},
"wait": {
"description": "Wait instructs the controller to check the health of all the reconciled\nresources. When enabled, the HealthChecks are ignored. Defaults to false.",
"type": "boolean"
}
},
"required": [
"interval",
"prune",
"sourceRef"
],
"type": "object",
"additionalProperties": false
},
"status": {
"default": {
"observedGeneration": -1
},
"description": "KustomizationStatus defines the observed state of a kustomization.",
"properties": {
"conditions": {
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"inventory": {
"description": "Inventory contains the list of Kubernetes resource object references that\nhave been successfully applied.",
"properties": {
"entries": {
"description": "Entries of Kubernetes resource object references.",
"items": {
"description": "ResourceRef contains the information necessary to locate a resource within a cluster.",
"properties": {
"id": {
"description": "ID is the string representation of the Kubernetes resource object's metadata,\nin the format '<namespace>_<name>_<group>_<kind>'.",
"type": "string"
},
"v": {
"description": "Version is the API version of the Kubernetes resource object's kind.",
"type": "string"
}
},
"required": [
"id",
"v"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"required": [
"entries"
],
"type": "object",
"additionalProperties": false
},
"lastAppliedRevision": {
"description": "The last successfully applied revision.\nEquals the Revision of the applied Artifact from the referenced Source.",
"type": "string"
},
"lastAttemptedRevision": {
"description": "LastAttemptedRevision is the revision of the last reconciliation attempt.",
"type": "string"
},
"lastHandledReconcileAt": {
"description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.",
"type": "string"
},
"observedGeneration": {
"description": "ObservedGeneration is the last reconciled generation.",
"format": "int64",
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

560
kustomize.toolkit.fluxcd.io/kustomization_v1beta1.json Normal file
View File

@ -0,0 +1,560 @@
{
"description": "Kustomization is the Schema for the kustomizations API.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "KustomizationSpec defines the desired state of a kustomization.",
"properties": {
"decryption": {
"description": "Decrypt Kubernetes secrets before applying them on the cluster.",
"properties": {
"provider": {
"description": "Provider is the name of the decryption engine.",
"enum": [
"sops"
],
"type": "string"
},
"secretRef": {
"description": "The secret name containing the private OpenPGP keys used for decryption.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
}
},
"required": [
"provider"
],
"type": "object",
"additionalProperties": false
},
"dependsOn": {
"description": "DependsOn may contain a meta.NamespacedObjectReference slice\nwith references to Kustomization resources that must be ready before this\nKustomization can be reconciled.",
"items": {
"description": "NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any\nnamespace.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
},
"namespace": {
"description": "Namespace of the referent, when not specified it acts as LocalObjectReference.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"force": {
"default": false,
"description": "Force instructs the controller to recreate resources\nwhen patching fails due to an immutable field change.",
"type": "boolean"
},
"healthChecks": {
"description": "A list of resources to be included in the health assessment.",
"items": {
"description": "NamespacedObjectKindReference contains enough information to locate the typed referenced Kubernetes resource object\nin any namespace.",
"properties": {
"apiVersion": {
"description": "API version of the referent, if not specified the Kubernetes preferred version will be used.",
"type": "string"
},
"kind": {
"description": "Kind of the referent.",
"type": "string"
},
"name": {
"description": "Name of the referent.",
"type": "string"
},
"namespace": {
"description": "Namespace of the referent, when not specified it acts as LocalObjectReference.",
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"images": {
"description": "Images is a list of (image name, new name, new tag or digest)\nfor changing image names, tags or digests. This can also be achieved with a\npatch, but this operator is simpler to specify.",
"items": {
"description": "Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag.",
"properties": {
"digest": {
"description": "Digest is the value used to replace the original image tag.\nIf digest is present NewTag value is ignored.",
"type": "string"
},
"name": {
"description": "Name is a tag-less image name.",
"type": "string"
},
"newName": {
"description": "NewName is the value used to replace the original name.",
"type": "string"
},
"newTag": {
"description": "NewTag is the value used to replace the original tag.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"interval": {
"description": "The interval at which to reconcile the Kustomization.",
"type": "string"
},
"kubeConfig": {
"description": "The KubeConfig for reconciling the Kustomization on a remote cluster.\nWhen specified, KubeConfig takes precedence over ServiceAccountName.",
"properties": {
"secretRef": {
"description": "SecretRef holds the name to a secret that contains a 'value' key with\nthe kubeconfig file as the value. It must be in the same namespace as\nthe Kustomization.\nIt is recommended that the kubeconfig is self-contained, and the secret\nis regularly updated if credentials such as a cloud-access-token expire.\nCloud specific `cmd-path` auth helpers will not function without adding\nbinaries and credentials to the Pod that is responsible for reconciling\nthe Kustomization.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
}
},
"required": [
"secretRef"
],
"type": "object",
"additionalProperties": false
},
"patches": {
"description": "Strategic merge and JSON patches, defined as inline YAML objects,\ncapable of targeting objects based on kind, label and annotation selectors.",
"items": {
"description": "Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should\nbe applied to.",
"properties": {
"patch": {
"description": "Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with\nan array of operation objects.",
"type": "string"
},
"target": {
"description": "Target points to the resources that the patch document should be applied to.",
"properties": {
"annotationSelector": {
"description": "AnnotationSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource annotations.",
"type": "string"
},
"group": {
"description": "Group is the API group to select resources from.\nTogether with Version and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md",
"type": "string"
},
"kind": {
"description": "Kind of the API Group to select resources from.\nTogether with Group and Version it is capable of unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md",
"type": "string"
},
"labelSelector": {
"description": "LabelSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource labels.",
"type": "string"
},
"name": {
"description": "Name to match resources with.",
"type": "string"
},
"namespace": {
"description": "Namespace to select resources from.",
"type": "string"
},
"version": {
"description": "Version of the API Group to select resources from.\nTogether with Group and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"patch"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"patchesJson6902": {
"description": "JSON 6902 patches, defined as inline YAML objects.",
"items": {
"description": "JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to.",
"properties": {
"patch": {
"description": "Patch contains the JSON6902 patch document with an array of operation objects.",
"items": {
"description": "JSON6902 is a JSON6902 operation object.\nhttps://datatracker.ietf.org/doc/html/rfc6902#section-4",
"properties": {
"from": {
"description": "From contains a JSON-pointer value that references a location within the target document where the operation is\nperformed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations.",
"type": "string"
},
"op": {
"description": "Op indicates the operation to perform. Its value MUST be one of \"add\", \"remove\", \"replace\", \"move\", \"copy\", or\n\"test\".\nhttps://datatracker.ietf.org/doc/html/rfc6902#section-4",
"enum": [
"test",
"remove",
"add",
"replace",
"move",
"copy"
],
"type": "string"
},
"path": {
"description": "Path contains the JSON-pointer value that references a location within the target document where the operation\nis performed. The meaning of the value depends on the value of Op.",
"type": "string"
},
"value": {
"description": "Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into\naccount by all operations.",
"x-kubernetes-preserve-unknown-fields": true
}
},
"required": [
"op",
"path"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"target": {
"description": "Target points to the resources that the patch document should be applied to.",
"properties": {
"annotationSelector": {
"description": "AnnotationSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource annotations.",
"type": "string"
},
"group": {
"description": "Group is the API group to select resources from.\nTogether with Version and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md",
"type": "string"
},
"kind": {
"description": "Kind of the API Group to select resources from.\nTogether with Group and Version it is capable of unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md",
"type": "string"
},
"labelSelector": {
"description": "LabelSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource labels.",
"type": "string"
},
"name": {
"description": "Name to match resources with.",
"type": "string"
},
"namespace": {
"description": "Namespace to select resources from.",
"type": "string"
},
"version": {
"description": "Version of the API Group to select resources from.\nTogether with Group and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"patch",
"target"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"patchesStrategicMerge": {
"description": "Strategic merge patches, defined as inline YAML objects.",
"items": {
"x-kubernetes-preserve-unknown-fields": true
},
"type": "array"
},
"path": {
"description": "Path to the directory containing the kustomization.yaml file, or the\nset of plain YAMLs a kustomization.yaml should be generated for.\nDefaults to 'None', which translates to the root path of the SourceRef.",
"type": "string"
},
"postBuild": {
"description": "PostBuild describes which actions to perform on the YAML manifest\ngenerated by building the kustomize overlay.",
"properties": {
"substitute": {
"additionalProperties": {
"type": "string"
},
"description": "Substitute holds a map of key/value pairs.\nThe variables defined in your YAML manifests\nthat match any of the keys defined in the map\nwill be substituted with the set value.\nIncludes support for bash string replacement functions\ne.g. ${var:=default}, ${var:position} and ${var/substring/replacement}.",
"type": "object"
},
"substituteFrom": {
"description": "SubstituteFrom holds references to ConfigMaps and Secrets containing\nthe variables and their values to be substituted in the YAML manifests.\nThe ConfigMap and the Secret data keys represent the var names and they\nmust match the vars declared in the manifests for the substitution to happen.",
"items": {
"description": "SubstituteReference contains a reference to a resource containing\nthe variables name and value.",
"properties": {
"kind": {
"description": "Kind of the values referent, valid values are ('Secret', 'ConfigMap').",
"enum": [
"Secret",
"ConfigMap"
],
"type": "string"
},
"name": {
"description": "Name of the values referent. Should reside in the same namespace as the\nreferring resource.",
"maxLength": 253,
"minLength": 1,
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"prune": {
"description": "Prune enables garbage collection.",
"type": "boolean"
},
"retryInterval": {
"description": "The interval at which to retry a previously failed reconciliation.\nWhen not specified, the controller uses the KustomizationSpec.Interval\nvalue to retry failures.",
"type": "string"
},
"serviceAccountName": {
"description": "The name of the Kubernetes service account to impersonate\nwhen reconciling this Kustomization.",
"type": "string"
},
"sourceRef": {
"description": "Reference of the source where the kustomization file is.",
"properties": {
"apiVersion": {
"description": "API version of the referent",
"type": "string"
},
"kind": {
"description": "Kind of the referent",
"enum": [
"GitRepository",
"Bucket"
],
"type": "string"
},
"name": {
"description": "Name of the referent",
"type": "string"
},
"namespace": {
"description": "Namespace of the referent, defaults to the Kustomization namespace",
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"suspend": {
"description": "This flag tells the controller to suspend subsequent kustomize executions,\nit does not apply to already started executions. Defaults to false.",
"type": "boolean"
},
"targetNamespace": {
"description": "TargetNamespace sets or overrides the namespace in the\nkustomization.yaml file.",
"maxLength": 63,
"minLength": 1,
"type": "string"
},
"timeout": {
"description": "Timeout for validation, apply and health checking operations.\nDefaults to 'Interval' duration.",
"type": "string"
},
"validation": {
"description": "Validate the Kubernetes objects before applying them on the cluster.\nThe validation strategy can be 'client' (local dry-run), 'server'\n(APIServer dry-run) or 'none'.\nWhen 'Force' is 'true', validation will fallback to 'client' if set to\n'server' because server-side validation is not supported in this scenario.",
"enum": [
"none",
"client",
"server"
],
"type": "string"
}
},
"required": [
"interval",
"prune",
"sourceRef"
],
"type": "object",
"additionalProperties": false
},
"status": {
"default": {
"observedGeneration": -1
},
"description": "KustomizationStatus defines the observed state of a kustomization.",
"properties": {
"conditions": {
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"lastAppliedRevision": {
"description": "The last successfully applied revision.\nThe revision format for Git sources is <branch|tag>/<commit-sha>.",
"type": "string"
},
"lastAttemptedRevision": {
"description": "LastAttemptedRevision is the revision of the last reconciliation attempt.",
"type": "string"
},
"lastHandledReconcileAt": {
"description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.",
"type": "string"
},
"observedGeneration": {
"description": "ObservedGeneration is the last reconciled generation.",
"format": "int64",
"type": "integer"
},
"snapshot": {
"description": "The last successfully applied revision metadata.",
"properties": {
"checksum": {
"description": "The manifests sha1 checksum.",
"type": "string"
},
"entries": {
"description": "A list of Kubernetes kinds grouped by namespace.",
"items": {
"description": "Snapshot holds the metadata of namespaced\nKubernetes objects",
"properties": {
"kinds": {
"additionalProperties": {
"type": "string"
},
"description": "The list of Kubernetes kinds.",
"type": "object"
},
"namespace": {
"description": "The namespace of this entry.",
"type": "string"
}
},
"required": [
"kinds"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"required": [
"checksum",
"entries"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

598
kustomize.toolkit.fluxcd.io/kustomization_v1beta2.json Normal file
View File

@ -0,0 +1,598 @@
{
"description": "Kustomization is the Schema for the kustomizations API.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "KustomizationSpec defines the configuration to calculate the desired state from a Source using Kustomize.",
"properties": {
"commonMetadata": {
"description": "CommonMetadata specifies the common labels and annotations that are applied to all resources.\nAny existing label or annotation will be overridden if its key matches a common one.",
"properties": {
"annotations": {
"additionalProperties": {
"type": "string"
},
"description": "Annotations to be added to the object's metadata.",
"type": "object"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "Labels to be added to the object's metadata.",
"type": "object"
}
},
"type": "object",
"additionalProperties": false
},
"components": {
"description": "Components specifies relative paths to specifications of other Components.",
"items": {
"type": "string"
},
"type": "array"
},
"decryption": {
"description": "Decrypt Kubernetes secrets before applying them on the cluster.",
"properties": {
"provider": {
"description": "Provider is the name of the decryption engine.",
"enum": [
"sops"
],
"type": "string"
},
"secretRef": {
"description": "The secret name containing the private OpenPGP keys used for decryption.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
}
},
"required": [
"provider"
],
"type": "object",
"additionalProperties": false
},
"dependsOn": {
"description": "DependsOn may contain a meta.NamespacedObjectReference slice\nwith references to Kustomization resources that must be ready before this\nKustomization can be reconciled.",
"items": {
"description": "NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any\nnamespace.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
},
"namespace": {
"description": "Namespace of the referent, when not specified it acts as LocalObjectReference.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"force": {
"default": false,
"description": "Force instructs the controller to recreate resources\nwhen patching fails due to an immutable field change.",
"type": "boolean"
},
"healthChecks": {
"description": "A list of resources to be included in the health assessment.",
"items": {
"description": "NamespacedObjectKindReference contains enough information to locate the typed referenced Kubernetes resource object\nin any namespace.",
"properties": {
"apiVersion": {
"description": "API version of the referent, if not specified the Kubernetes preferred version will be used.",
"type": "string"
},
"kind": {
"description": "Kind of the referent.",
"type": "string"
},
"name": {
"description": "Name of the referent.",
"type": "string"
},
"namespace": {
"description": "Namespace of the referent, when not specified it acts as LocalObjectReference.",
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"images": {
"description": "Images is a list of (image name, new name, new tag or digest)\nfor changing image names, tags or digests. This can also be achieved with a\npatch, but this operator is simpler to specify.",
"items": {
"description": "Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag.",
"properties": {
"digest": {
"description": "Digest is the value used to replace the original image tag.\nIf digest is present NewTag value is ignored.",
"type": "string"
},
"name": {
"description": "Name is a tag-less image name.",
"type": "string"
},
"newName": {
"description": "NewName is the value used to replace the original name.",
"type": "string"
},
"newTag": {
"description": "NewTag is the value used to replace the original tag.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"interval": {
"description": "The interval at which to reconcile the Kustomization.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$",
"type": "string"
},
"kubeConfig": {
"description": "The KubeConfig for reconciling the Kustomization on a remote cluster.\nWhen used in combination with KustomizationSpec.ServiceAccountName,\nforces the controller to act on behalf of that Service Account at the\ntarget cluster.\nIf the --default-service-account flag is set, its value will be used as\na controller level fallback for when KustomizationSpec.ServiceAccountName\nis empty.",
"properties": {
"secretRef": {
"description": "SecretRef holds the name of a secret that contains a key with\nthe kubeconfig file as the value. If no key is set, the key will default\nto 'value'.\nIt is recommended that the kubeconfig is self-contained, and the secret\nis regularly updated if credentials such as a cloud-access-token expire.\nCloud specific `cmd-path` auth helpers will not function without adding\nbinaries and credentials to the Pod that is responsible for reconciling\nKubernetes resources.",
"properties": {
"key": {
"description": "Key in the Secret, when not specified an implementation-specific default key is used.",
"type": "string"
},
"name": {
"description": "Name of the Secret.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
}
},
"required": [
"secretRef"
],
"type": "object",
"additionalProperties": false
},
"patches": {
"description": "Strategic merge and JSON patches, defined as inline YAML objects,\ncapable of targeting objects based on kind, label and annotation selectors.",
"items": {
"description": "Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should\nbe applied to.",
"properties": {
"patch": {
"description": "Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with\nan array of operation objects.",
"type": "string"
},
"target": {
"description": "Target points to the resources that the patch document should be applied to.",
"properties": {
"annotationSelector": {
"description": "AnnotationSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource annotations.",
"type": "string"
},
"group": {
"description": "Group is the API group to select resources from.\nTogether with Version and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md",
"type": "string"
},
"kind": {
"description": "Kind of the API Group to select resources from.\nTogether with Group and Version it is capable of unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md",
"type": "string"
},
"labelSelector": {
"description": "LabelSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource labels.",
"type": "string"
},
"name": {
"description": "Name to match resources with.",
"type": "string"
},
"namespace": {
"description": "Namespace to select resources from.",
"type": "string"
},
"version": {
"description": "Version of the API Group to select resources from.\nTogether with Group and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"patch"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"patchesJson6902": {
"description": "JSON 6902 patches, defined as inline YAML objects.\nDeprecated: Use Patches instead.",
"items": {
"description": "JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to.",
"properties": {
"patch": {
"description": "Patch contains the JSON6902 patch document with an array of operation objects.",
"items": {
"description": "JSON6902 is a JSON6902 operation object.\nhttps://datatracker.ietf.org/doc/html/rfc6902#section-4",
"properties": {
"from": {
"description": "From contains a JSON-pointer value that references a location within the target document where the operation is\nperformed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations.",
"type": "string"
},
"op": {
"description": "Op indicates the operation to perform. Its value MUST be one of \"add\", \"remove\", \"replace\", \"move\", \"copy\", or\n\"test\".\nhttps://datatracker.ietf.org/doc/html/rfc6902#section-4",
"enum": [
"test",
"remove",
"add",
"replace",
"move",
"copy"
],
"type": "string"
},
"path": {
"description": "Path contains the JSON-pointer value that references a location within the target document where the operation\nis performed. The meaning of the value depends on the value of Op.",
"type": "string"
},
"value": {
"description": "Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into\naccount by all operations.",
"x-kubernetes-preserve-unknown-fields": true
}
},
"required": [
"op",
"path"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"target": {
"description": "Target points to the resources that the patch document should be applied to.",
"properties": {
"annotationSelector": {
"description": "AnnotationSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource annotations.",
"type": "string"
},
"group": {
"description": "Group is the API group to select resources from.\nTogether with Version and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md",
"type": "string"
},
"kind": {
"description": "Kind of the API Group to select resources from.\nTogether with Group and Version it is capable of unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md",
"type": "string"
},
"labelSelector": {
"description": "LabelSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource labels.",
"type": "string"
},
"name": {
"description": "Name to match resources with.",
"type": "string"
},
"namespace": {
"description": "Namespace to select resources from.",
"type": "string"
},
"version": {
"description": "Version of the API Group to select resources from.\nTogether with Group and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"patch",
"target"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"patchesStrategicMerge": {
"description": "Strategic merge patches, defined as inline YAML objects.\nDeprecated: Use Patches instead.",
"items": {
"x-kubernetes-preserve-unknown-fields": true
},
"type": "array"
},
"path": {
"description": "Path to the directory containing the kustomization.yaml file, or the\nset of plain YAMLs a kustomization.yaml should be generated for.\nDefaults to 'None', which translates to the root path of the SourceRef.",
"type": "string"
},
"postBuild": {
"description": "PostBuild describes which actions to perform on the YAML manifest\ngenerated by building the kustomize overlay.",
"properties": {
"substitute": {
"additionalProperties": {
"type": "string"
},
"description": "Substitute holds a map of key/value pairs.\nThe variables defined in your YAML manifests\nthat match any of the keys defined in the map\nwill be substituted with the set value.\nIncludes support for bash string replacement functions\ne.g. ${var:=default}, ${var:position} and ${var/substring/replacement}.",
"type": "object"
},
"substituteFrom": {
"description": "SubstituteFrom holds references to ConfigMaps and Secrets containing\nthe variables and their values to be substituted in the YAML manifests.\nThe ConfigMap and the Secret data keys represent the var names and they\nmust match the vars declared in the manifests for the substitution to happen.",
"items": {
"description": "SubstituteReference contains a reference to a resource containing\nthe variables name and value.",
"properties": {
"kind": {
"description": "Kind of the values referent, valid values are ('Secret', 'ConfigMap').",
"enum": [
"Secret",
"ConfigMap"
],
"type": "string"
},
"name": {
"description": "Name of the values referent. Should reside in the same namespace as the\nreferring resource.",
"maxLength": 253,
"minLength": 1,
"type": "string"
},
"optional": {
"default": false,
"description": "Optional indicates whether the referenced resource must exist, or whether to\ntolerate its absence. If true and the referenced resource is absent, proceed\nas if the resource was present but empty, without any variables defined.",
"type": "boolean"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"prune": {
"description": "Prune enables garbage collection.",
"type": "boolean"
},
"retryInterval": {
"description": "The interval at which to retry a previously failed reconciliation.\nWhen not specified, the controller uses the KustomizationSpec.Interval\nvalue to retry failures.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$",
"type": "string"
},
"serviceAccountName": {
"description": "The name of the Kubernetes service account to impersonate\nwhen reconciling this Kustomization.",
"type": "string"
},
"sourceRef": {
"description": "Reference of the source where the kustomization file is.",
"properties": {
"apiVersion": {
"description": "API version of the referent.",
"type": "string"
},
"kind": {
"description": "Kind of the referent.",
"enum": [
"OCIRepository",
"GitRepository",
"Bucket"
],
"type": "string"
},
"name": {
"description": "Name of the referent.",
"type": "string"
},
"namespace": {
"description": "Namespace of the referent, defaults to the namespace of the Kubernetes resource object that contains the reference.",
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"suspend": {
"description": "This flag tells the controller to suspend subsequent kustomize executions,\nit does not apply to already started executions. Defaults to false.",
"type": "boolean"
},
"targetNamespace": {
"description": "TargetNamespace sets or overrides the namespace in the\nkustomization.yaml file.",
"maxLength": 63,
"minLength": 1,
"type": "string"
},
"timeout": {
"description": "Timeout for validation, apply and health checking operations.\nDefaults to 'Interval' duration.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$",
"type": "string"
},
"validation": {
"description": "Deprecated: Not used in v1beta2.",
"enum": [
"none",
"client",
"server"
],
"type": "string"
},
"wait": {
"description": "Wait instructs the controller to check the health of all the reconciled resources.\nWhen enabled, the HealthChecks are ignored. Defaults to false.",
"type": "boolean"
}
},
"required": [
"interval",
"prune",
"sourceRef"
],
"type": "object",
"additionalProperties": false
},
"status": {
"default": {
"observedGeneration": -1
},
"description": "KustomizationStatus defines the observed state of a kustomization.",
"properties": {
"conditions": {
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"inventory": {
"description": "Inventory contains the list of Kubernetes resource object references that have been successfully applied.",
"properties": {
"entries": {
"description": "Entries of Kubernetes resource object references.",
"items": {
"description": "ResourceRef contains the information necessary to locate a resource within a cluster.",
"properties": {
"id": {
"description": "ID is the string representation of the Kubernetes resource object's metadata,\nin the format '<namespace>_<name>_<group>_<kind>'.",
"type": "string"
},
"v": {
"description": "Version is the API version of the Kubernetes resource object's kind.",
"type": "string"
}
},
"required": [
"id",
"v"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"required": [
"entries"
],
"type": "object",
"additionalProperties": false
},
"lastAppliedRevision": {
"description": "The last successfully applied revision.\nEquals the Revision of the applied Artifact from the referenced Source.",
"type": "string"
},
"lastAttemptedRevision": {
"description": "LastAttemptedRevision is the revision of the last reconciliation attempt.",
"type": "string"
},
"lastHandledReconcileAt": {
"description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.",
"type": "string"
},
"observedGeneration": {
"description": "ObservedGeneration is the last reconciled generation.",
"format": "int64",
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

28
metallb.io/all-anyOf.json Normal file
View File

@ -0,0 +1,28 @@
{
"anyOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/metallb.io/bfdprofile_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/metallb.io/bgpadvertisement_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/metallb.io/bgppeer_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/metallb.io/bgppeer_v1beta2.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/metallb.io/community_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/metallb.io/ipaddresspool_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/metallb.io/l2advertisement_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/metallb.io/servicel2status_v1beta1.json"
}
]
}

28
metallb.io/all-oneOf.json Normal file
View File

@ -0,0 +1,28 @@
{
"oneOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/metallb.io/bfdprofile_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/metallb.io/bgpadvertisement_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/metallb.io/bgppeer_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/metallb.io/bgppeer_v1beta2.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/metallb.io/community_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/metallb.io/ipaddresspool_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/metallb.io/l2advertisement_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/metallb.io/servicel2status_v1beta1.json"
}
]
}

71
metallb.io/bfdprofile_v1beta1.json Normal file
View File

@ -0,0 +1,71 @@
{
"description": "BFDProfile represents the settings of the bfd session that can be\noptionally associated with a BGP session.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "BFDProfileSpec defines the desired state of BFDProfile.",
"properties": {
"detectMultiplier": {
"description": "Configures the detection multiplier to determine\npacket loss. The remote transmission interval will be multiplied\nby this value to determine the connection loss detection timer.",
"format": "int32",
"maximum": 255,
"minimum": 2,
"type": "integer"
},
"echoInterval": {
"description": "Configures the minimal echo receive transmission\ninterval that this system is capable of handling in milliseconds.\nDefaults to 50ms",
"format": "int32",
"maximum": 60000,
"minimum": 10,
"type": "integer"
},
"echoMode": {
"description": "Enables or disables the echo transmission mode.\nThis mode is disabled by default, and not supported on multi\nhops setups.",
"type": "boolean"
},
"minimumTtl": {
"description": "For multi hop sessions only: configure the minimum\nexpected TTL for an incoming BFD control packet.",
"format": "int32",
"maximum": 254,
"minimum": 1,
"type": "integer"
},
"passiveMode": {
"description": "Mark session as passive: a passive session will not\nattempt to start the connection and will wait for control packets\nfrom peer before it begins replying.",
"type": "boolean"
},
"receiveInterval": {
"description": "The minimum interval that this system is capable of\nreceiving control packets in milliseconds.\nDefaults to 300ms.",
"format": "int32",
"maximum": 60000,
"minimum": 10,
"type": "integer"
},
"transmitInterval": {
"description": "The minimum transmission interval (less jitter)\nthat this system wants to use to send BFD control packets in\nmilliseconds. Defaults to 300ms",
"format": "int32",
"maximum": 60000,
"minimum": 10,
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
},
"status": {
"description": "BFDProfileStatus defines the observed state of BFDProfile.",
"type": "object"
}
},
"type": "object"
}

169
metallb.io/bgpadvertisement_v1beta1.json Normal file
View File

@ -0,0 +1,169 @@
{
"description": "BGPAdvertisement allows to advertise the IPs coming\nfrom the selected IPAddressPools via BGP, setting the parameters of the\nBGP Advertisement.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "BGPAdvertisementSpec defines the desired state of BGPAdvertisement.",
"properties": {
"aggregationLength": {
"default": 32,
"description": "The aggregation-length advertisement option lets you \u201croll up\u201d the /32s into a larger prefix. Defaults to 32. Works for IPv4 addresses.",
"format": "int32",
"minimum": 1,
"type": "integer"
},
"aggregationLengthV6": {
"default": 128,
"description": "The aggregation-length advertisement option lets you \u201croll up\u201d the /128s into a larger prefix. Defaults to 128. Works for IPv6 addresses.",
"format": "int32",
"type": "integer"
},
"communities": {
"description": "The BGP communities to be associated with the announcement. Each item can be a standard community of the\nform 1234:1234, a large community of the form large:1234:1234:1234 or the name of an alias defined in the\nCommunity CRD.",
"items": {
"type": "string"
},
"type": "array"
},
"ipAddressPoolSelectors": {
"description": "A selector for the IPAddressPools which would get advertised via this advertisement.\nIf no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools.",
"items": {
"description": "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects.",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"type": "array"
},
"ipAddressPools": {
"description": "The list of IPAddressPools to advertise via this advertisement, selected by name.",
"items": {
"type": "string"
},
"type": "array"
},
"localPref": {
"description": "The BGP LOCAL_PREF attribute which is used by BGP best path algorithm,\nPath with higher localpref is preferred over one with lower localpref.",
"format": "int32",
"type": "integer"
},
"nodeSelectors": {
"description": "NodeSelectors allows to limit the nodes to announce as next hops for the LoadBalancer IP. When empty, all the nodes having are announced as next hops.",
"items": {
"description": "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects.",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"type": "array"
},
"peers": {
"description": "Peers limits the bgppeer to advertise the ips of the selected pools to.\nWhen empty, the loadbalancer IP is announced to all the BGPPeers configured.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"status": {
"description": "BGPAdvertisementStatus defines the observed state of BGPAdvertisement.",
"type": "object"
}
},
"type": "object"
}

127
metallb.io/bgppeer_v1beta1.json Normal file
View File

@ -0,0 +1,127 @@
{
"description": "BGPPeer is the Schema for the peers API.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "BGPPeerSpec defines the desired state of Peer.",
"properties": {
"bfdProfile": {
"type": "string"
},
"ebgpMultiHop": {
"description": "EBGP peer is multi-hops away",
"type": "boolean"
},
"holdTime": {
"description": "Requested BGP hold time, per RFC4271.",
"type": "string"
},
"keepaliveTime": {
"description": "Requested BGP keepalive time, per RFC4271.",
"type": "string"
},
"myASN": {
"description": "AS number to use for the local end of the session.",
"format": "int32",
"maximum": 4294967295,
"minimum": 0,
"type": "integer"
},
"nodeSelectors": {
"description": "Only connect to this peer on nodes that match one of these\nselectors.",
"items": {
"properties": {
"matchExpressions": {
"items": {
"properties": {
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"values": {
"items": {
"type": "string"
},
"minItems": 1,
"type": "array"
}
},
"required": [
"key",
"operator",
"values"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"password": {
"description": "Authentication password for routers enforcing TCP MD5 authenticated sessions",
"type": "string"
},
"peerASN": {
"description": "AS number to expect from the remote end of the session.",
"format": "int32",
"maximum": 4294967295,
"minimum": 0,
"type": "integer"
},
"peerAddress": {
"description": "Address to dial when establishing the session.",
"type": "string"
},
"peerPort": {
"description": "Port to dial when establishing the session.",
"maximum": 16384,
"minimum": 0,
"type": "integer"
},
"routerID": {
"description": "BGP router ID to advertise to the peer",
"type": "string"
},
"sourceAddress": {
"description": "Source address to use when establishing the session.",
"type": "string"
}
},
"required": [
"myASN",
"peerASN",
"peerAddress"
],
"type": "object",
"additionalProperties": false
},
"status": {
"description": "BGPPeerStatus defines the observed state of Peer.",
"type": "object"
}
},
"type": "object"
}

186
metallb.io/bgppeer_v1beta2.json Normal file
View File

@ -0,0 +1,186 @@
{
"description": "BGPPeer is the Schema for the peers API.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "BGPPeerSpec defines the desired state of Peer.",
"properties": {
"bfdProfile": {
"description": "The name of the BFD Profile to be used for the BFD session associated to the BGP session. If not set, the BFD session won't be set up.",
"type": "string"
},
"connectTime": {
"description": "Requested BGP connect time, controls how long BGP waits between connection attempts to a neighbor.",
"type": "string",
"x-kubernetes-validations": [
{
"message": "connect time should be between 1 seconds to 65535",
"rule": "duration(self).getSeconds() >= 1 && duration(self).getSeconds() <= 65535"
},
{
"message": "connect time should contain a whole number of seconds",
"rule": "duration(self).getMilliseconds() % 1000 == 0"
}
]
},
"disableMP": {
"default": false,
"description": "To set if we want to disable MP BGP that will separate IPv4 and IPv6 route exchanges into distinct BGP sessions.",
"type": "boolean"
},
"ebgpMultiHop": {
"description": "To set if the BGPPeer is multi-hops away. Needed for FRR mode only.",
"type": "boolean"
},
"enableGracefulRestart": {
"description": "EnableGracefulRestart allows BGP peer to continue to forward data packets along\nknown routes while the routing protocol information is being restored.\nThis field is immutable because it requires restart of the BGP session\nSupported for FRR mode only.",
"type": "boolean",
"x-kubernetes-validations": [
{
"message": "EnableGracefulRestart cannot be changed after creation",
"rule": "self == oldSelf"
}
]
},
"holdTime": {
"description": "Requested BGP hold time, per RFC4271.",
"type": "string"
},
"keepaliveTime": {
"description": "Requested BGP keepalive time, per RFC4271.",
"type": "string"
},
"myASN": {
"description": "AS number to use for the local end of the session.",
"format": "int32",
"maximum": 4294967295,
"minimum": 0,
"type": "integer"
},
"nodeSelectors": {
"description": "Only connect to this peer on nodes that match one of these\nselectors.",
"items": {
"description": "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects.",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"type": "array"
},
"password": {
"description": "Authentication password for routers enforcing TCP MD5 authenticated sessions",
"type": "string"
},
"passwordSecret": {
"description": "passwordSecret is name of the authentication secret for BGP Peer.\nthe secret must be of type \"kubernetes.io/basic-auth\", and created in the\nsame namespace as the MetalLB deployment. The password is stored in the\nsecret as the key \"password\".",
"properties": {
"name": {
"description": "name is unique within a namespace to reference a secret resource.",
"type": "string"
},
"namespace": {
"description": "namespace defines the space within which the secret name must be unique.",
"type": "string"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"peerASN": {
"description": "AS number to expect from the remote end of the session.",
"format": "int32",
"maximum": 4294967295,
"minimum": 0,
"type": "integer"
},
"peerAddress": {
"description": "Address to dial when establishing the session.",
"type": "string"
},
"peerPort": {
"default": 179,
"description": "Port to dial when establishing the session.",
"maximum": 16384,
"minimum": 0,
"type": "integer"
},
"routerID": {
"description": "BGP router ID to advertise to the peer",
"type": "string"
},
"sourceAddress": {
"description": "Source address to use when establishing the session.",
"type": "string"
},
"vrf": {
"description": "To set if we want to peer with the BGPPeer using an interface belonging to\na host vrf",
"type": "string"
}
},
"required": [
"myASN",
"peerASN",
"peerAddress"
],
"type": "object",
"additionalProperties": false
},
"status": {
"description": "BGPPeerStatus defines the observed state of Peer.",
"type": "object"
}
},
"type": "object"
}

45
metallb.io/community_v1beta1.json Normal file
View File

@ -0,0 +1,45 @@
{
"description": "Community is a collection of aliases for communities.\nUsers can define named aliases to be used in the BGPPeer CRD.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "CommunitySpec defines the desired state of Community.",
"properties": {
"communities": {
"items": {
"properties": {
"name": {
"description": "The name of the alias for the community.",
"type": "string"
},
"value": {
"description": "The BGP community value corresponding to the given name. Can be a standard community of the form 1234:1234\nor a large community of the form large:1234:1234:1234.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"status": {
"description": "CommunityStatus defines the observed state of Community.",
"type": "object"
}
},
"type": "object"
}

171
metallb.io/ipaddresspool_v1beta1.json Normal file
View File

@ -0,0 +1,171 @@
{
"description": "IPAddressPool represents a pool of IP addresses that can be allocated\nto LoadBalancer services.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "IPAddressPoolSpec defines the desired state of IPAddressPool.",
"properties": {
"addresses": {
"description": "A list of IP address ranges over which MetalLB has authority.\nYou can list multiple ranges in a single pool, they will all share the\nsame settings. Each range can be either a CIDR prefix, or an explicit\nstart-end range of IPs.",
"items": {
"type": "string"
},
"type": "array"
},
"autoAssign": {
"default": true,
"description": "AutoAssign flag used to prevent MetallB from automatic allocation\nfor a pool.",
"type": "boolean"
},
"avoidBuggyIPs": {
"default": false,
"description": "AvoidBuggyIPs prevents addresses ending with .0 and .255\nto be used by a pool.",
"type": "boolean"
},
"serviceAllocation": {
"description": "AllocateTo makes ip pool allocation to specific namespace and/or service.\nThe controller will use the pool with lowest value of priority in case of\nmultiple matches. A pool with no priority set will be used only if the\npools with priority can't be used. If multiple matching IPAddressPools are\navailable it will check for the availability of IPs sorting the matching\nIPAddressPools by priority, starting from the highest to the lowest. If\nmultiple IPAddressPools have the same priority, choice will be random.",
"properties": {
"namespaceSelectors": {
"description": "NamespaceSelectors list of label selectors to select namespace(s) for ip pool,\nan alternative to using namespace list.",
"items": {
"description": "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects.",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"type": "array"
},
"namespaces": {
"description": "Namespaces list of namespace(s) on which ip pool can be attached.",
"items": {
"type": "string"
},
"type": "array"
},
"priority": {
"description": "Priority priority given for ip pool while ip allocation on a service.",
"type": "integer"
},
"serviceSelectors": {
"description": "ServiceSelectors list of label selector to select service(s) for which ip pool\ncan be used for ip allocation.",
"items": {
"description": "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects.",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"addresses"
],
"type": "object",
"additionalProperties": false
},
"status": {
"description": "IPAddressPoolStatus defines the observed state of IPAddressPool.",
"type": "object"
}
},
"required": [
"spec"
],
"type": "object"
}

144
metallb.io/l2advertisement_v1beta1.json Normal file
View File

@ -0,0 +1,144 @@
{
"description": "L2Advertisement allows to advertise the LoadBalancer IPs provided\nby the selected pools via L2.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "L2AdvertisementSpec defines the desired state of L2Advertisement.",
"properties": {
"interfaces": {
"description": "A list of interfaces to announce from. The LB IP will be announced only from these interfaces.\nIf the field is not set, we advertise from all the interfaces on the host.",
"items": {
"type": "string"
},
"type": "array"
},
"ipAddressPoolSelectors": {
"description": "A selector for the IPAddressPools which would get advertised via this advertisement.\nIf no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools.",
"items": {
"description": "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects.",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"type": "array"
},
"ipAddressPools": {
"description": "The list of IPAddressPools to advertise via this advertisement, selected by name.",
"items": {
"type": "string"
},
"type": "array"
},
"nodeSelectors": {
"description": "NodeSelectors allows to limit the nodes to announce as next hops for the LoadBalancer IP. When empty, all the nodes having are announced as next hops.",
"items": {
"description": "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects.",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"status": {
"description": "L2AdvertisementStatus defines the observed state of L2Advertisement.",
"type": "object"
}
},
"type": "object"
}

73
metallb.io/servicel2status_v1beta1.json Normal file
View File

@ -0,0 +1,73 @@
{
"description": "ServiceL2Status reveals the actual traffic status of loadbalancer services in layer2 mode.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "ServiceL2StatusSpec defines the desired state of ServiceL2Status.",
"type": "object"
},
"status": {
"description": "MetalLBServiceL2Status defines the observed state of ServiceL2Status.",
"properties": {
"interfaces": {
"description": "Interfaces indicates the interfaces that receive the directed traffic",
"items": {
"description": "InterfaceInfo defines interface info of layer2 announcement.",
"properties": {
"name": {
"description": "Name the name of network interface card",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"node": {
"description": "Node indicates the node that receives the directed traffic",
"type": "string",
"x-kubernetes-validations": [
{
"message": "Value is immutable",
"rule": "self == oldSelf"
}
]
},
"serviceName": {
"description": "ServiceName indicates the service this status represents",
"type": "string",
"x-kubernetes-validations": [
{
"message": "Value is immutable",
"rule": "self == oldSelf"
}
]
},
"serviceNamespace": {
"description": "ServiceNamespace indicates the namespace of the service",
"type": "string",
"x-kubernetes-validations": [
{
"message": "Value is immutable",
"rule": "self == oldSelf"
}
]
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

7
minio.min.io/all-anyOf.json Normal file
View File

@ -0,0 +1,7 @@
{
"anyOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/minio.min.io/tenant_v2.json"
}
]
}

7
minio.min.io/all-oneOf.json Normal file
View File

@ -0,0 +1,7 @@
{
"oneOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/minio.min.io/tenant_v2.json"
}
]
}

9017
minio.min.io/tenant_v2.json Normal file
View File

File diff suppressed because it is too large Load Diff

190
notification.toolkit.fluxcd.io/alert_v1beta1.json Normal file
View File

@ -0,0 +1,190 @@
{
"description": "Alert is the Schema for the alerts API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "AlertSpec defines an alerting rule for events involving a list of objects",
"properties": {
"eventSeverity": {
"default": "info",
"description": "Filter events based on severity, defaults to ('info').\nIf set to 'info' no events will be filtered.",
"enum": [
"info",
"error"
],
"type": "string"
},
"eventSources": {
"description": "Filter events based on the involved objects.",
"items": {
"description": "CrossNamespaceObjectReference contains enough information to let you locate the\ntyped referenced object at cluster level",
"properties": {
"apiVersion": {
"description": "API version of the referent",
"type": "string"
},
"kind": {
"description": "Kind of the referent",
"enum": [
"Bucket",
"GitRepository",
"Kustomization",
"HelmRelease",
"HelmChart",
"HelmRepository",
"ImageRepository",
"ImagePolicy",
"ImageUpdateAutomation",
"OCIRepository"
],
"type": "string"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
},
"name": {
"description": "Name of the referent",
"maxLength": 53,
"minLength": 1,
"type": "string"
},
"namespace": {
"description": "Namespace of the referent",
"maxLength": 53,
"minLength": 1,
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"exclusionList": {
"description": "A list of Golang regular expressions to be used for excluding messages.",
"items": {
"type": "string"
},
"type": "array"
},
"providerRef": {
"description": "Send events using this provider.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"summary": {
"description": "Short description of the impact and affected cluster.",
"type": "string"
},
"suspend": {
"description": "This flag tells the controller to suspend subsequent events dispatching.\nDefaults to false.",
"type": "boolean"
}
},
"required": [
"eventSources",
"providerRef"
],
"type": "object",
"additionalProperties": false
},
"status": {
"default": {
"observedGeneration": -1
},
"description": "AlertStatus defines the observed state of Alert",
"properties": {
"conditions": {
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"observedGeneration": {
"description": "ObservedGeneration is the last observed generation.",
"format": "int64",
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

210
notification.toolkit.fluxcd.io/alert_v1beta2.json Normal file
View File

@ -0,0 +1,210 @@
{
"description": "Alert is the Schema for the alerts API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "AlertSpec defines an alerting rule for events involving a list of objects.",
"properties": {
"eventMetadata": {
"additionalProperties": {
"type": "string"
},
"description": "EventMetadata is an optional field for adding metadata to events dispatched by the\ncontroller. This can be used for enhancing the context of the event. If a field\nwould override one already present on the original event as generated by the emitter,\nthen the override doesn't happen, i.e. the original value is preserved, and an info\nlog is printed.",
"type": "object"
},
"eventSeverity": {
"default": "info",
"description": "EventSeverity specifies how to filter events based on severity.\nIf set to 'info' no events will be filtered.",
"enum": [
"info",
"error"
],
"type": "string"
},
"eventSources": {
"description": "EventSources specifies how to filter events based\non the involved object kind, name and namespace.",
"items": {
"description": "CrossNamespaceObjectReference contains enough information to let you locate the\ntyped referenced object at cluster level",
"properties": {
"apiVersion": {
"description": "API version of the referent",
"type": "string"
},
"kind": {
"description": "Kind of the referent",
"enum": [
"Bucket",
"GitRepository",
"Kustomization",
"HelmRelease",
"HelmChart",
"HelmRepository",
"ImageRepository",
"ImagePolicy",
"ImageUpdateAutomation",
"OCIRepository"
],
"type": "string"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.\nMatchLabels requires the name to be set to `*`.",
"type": "object"
},
"name": {
"description": "Name of the referent\nIf multiple resources are targeted `*` may be set.",
"maxLength": 53,
"minLength": 1,
"type": "string"
},
"namespace": {
"description": "Namespace of the referent",
"maxLength": 53,
"minLength": 1,
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"exclusionList": {
"description": "ExclusionList specifies a list of Golang regular expressions\nto be used for excluding messages.",
"items": {
"type": "string"
},
"type": "array"
},
"inclusionList": {
"description": "InclusionList specifies a list of Golang regular expressions\nto be used for including messages.",
"items": {
"type": "string"
},
"type": "array"
},
"providerRef": {
"description": "ProviderRef specifies which Provider this Alert should use.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"summary": {
"description": "Summary holds a short description of the impact and affected cluster.",
"maxLength": 255,
"type": "string"
},
"suspend": {
"description": "Suspend tells the controller to suspend subsequent\nevents handling for this Alert.",
"type": "boolean"
}
},
"required": [
"eventSources",
"providerRef"
],
"type": "object",
"additionalProperties": false
},
"status": {
"default": {
"observedGeneration": -1
},
"description": "AlertStatus defines the observed state of the Alert.",
"properties": {
"conditions": {
"description": "Conditions holds the conditions for the Alert.",
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"lastHandledReconcileAt": {
"description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.",
"type": "string"
},
"observedGeneration": {
"description": "ObservedGeneration is the last observed generation.",
"format": "int64",
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

135
notification.toolkit.fluxcd.io/alert_v1beta3.json Normal file
View File

@ -0,0 +1,135 @@
{
"description": "Alert is the Schema for the alerts API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "AlertSpec defines an alerting rule for events involving a list of objects.",
"properties": {
"eventMetadata": {
"additionalProperties": {
"type": "string"
},
"description": "EventMetadata is an optional field for adding metadata to events dispatched by the\ncontroller. This can be used for enhancing the context of the event. If a field\nwould override one already present on the original event as generated by the emitter,\nthen the override doesn't happen, i.e. the original value is preserved, and an info\nlog is printed.",
"type": "object"
},
"eventSeverity": {
"default": "info",
"description": "EventSeverity specifies how to filter events based on severity.\nIf set to 'info' no events will be filtered.",
"enum": [
"info",
"error"
],
"type": "string"
},
"eventSources": {
"description": "EventSources specifies how to filter events based\non the involved object kind, name and namespace.",
"items": {
"description": "CrossNamespaceObjectReference contains enough information to let you locate the\ntyped referenced object at cluster level",
"properties": {
"apiVersion": {
"description": "API version of the referent",
"type": "string"
},
"kind": {
"description": "Kind of the referent",
"enum": [
"Bucket",
"GitRepository",
"Kustomization",
"HelmRelease",
"HelmChart",
"HelmRepository",
"ImageRepository",
"ImagePolicy",
"ImageUpdateAutomation",
"OCIRepository"
],
"type": "string"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.\nMatchLabels requires the name to be set to `*`.",
"type": "object"
},
"name": {
"description": "Name of the referent\nIf multiple resources are targeted `*` may be set.",
"maxLength": 53,
"minLength": 1,
"type": "string"
},
"namespace": {
"description": "Namespace of the referent",
"maxLength": 53,
"minLength": 1,
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"exclusionList": {
"description": "ExclusionList specifies a list of Golang regular expressions\nto be used for excluding messages.",
"items": {
"type": "string"
},
"type": "array"
},
"inclusionList": {
"description": "InclusionList specifies a list of Golang regular expressions\nto be used for including messages.",
"items": {
"type": "string"
},
"type": "array"
},
"providerRef": {
"description": "ProviderRef specifies which Provider this Alert should use.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"summary": {
"description": "Summary holds a short description of the impact and affected cluster.",
"maxLength": 255,
"type": "string"
},
"suspend": {
"description": "Suspend tells the controller to suspend subsequent\nevents handling for this Alert.",
"type": "boolean"
}
},
"required": [
"eventSources",
"providerRef"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

31
notification.toolkit.fluxcd.io/all-anyOf.json Normal file
View File

@ -0,0 +1,31 @@
{
"anyOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/alert_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/alert_v1beta2.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/alert_v1beta3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/provider_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/provider_v1beta2.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/provider_v1beta3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/receiver_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/receiver_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/receiver_v1beta2.json"
}
]
}

31
notification.toolkit.fluxcd.io/all-oneOf.json Normal file
View File

@ -0,0 +1,31 @@
{
"oneOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/alert_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/alert_v1beta2.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/alert_v1beta3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/provider_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/provider_v1beta2.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/provider_v1beta3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/receiver_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/receiver_v1beta1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/notification.toolkit.fluxcd.io/receiver_v1beta2.json"
}
]
}

179
notification.toolkit.fluxcd.io/provider_v1beta1.json Normal file
View File

@ -0,0 +1,179 @@
{
"description": "Provider is the Schema for the providers API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "ProviderSpec defines the desired state of Provider",
"properties": {
"address": {
"description": "HTTP/S webhook address of this provider",
"pattern": "^(http|https)://",
"type": "string"
},
"certSecretRef": {
"description": "CertSecretRef can be given the name of a secret containing\na PEM-encoded CA certificate (`caFile`)",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"channel": {
"description": "Alert channel for this provider",
"type": "string"
},
"proxy": {
"description": "HTTP/S address of the proxy",
"pattern": "^(http|https)://",
"type": "string"
},
"secretRef": {
"description": "Secret reference containing the provider webhook URL\nusing \"address\" as data key",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"suspend": {
"description": "This flag tells the controller to suspend subsequent events handling.\nDefaults to false.",
"type": "boolean"
},
"timeout": {
"description": "Timeout for sending alerts to the provider.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$",
"type": "string"
},
"type": {
"description": "Type of provider",
"enum": [
"slack",
"discord",
"msteams",
"rocket",
"generic",
"generic-hmac",
"github",
"gitlab",
"bitbucket",
"azuredevops",
"googlechat",
"webex",
"sentry",
"azureeventhub",
"telegram",
"lark",
"matrix",
"opsgenie",
"alertmanager",
"grafana",
"githubdispatch"
],
"type": "string"
},
"username": {
"description": "Bot username for this provider",
"type": "string"
}
},
"required": [
"type"
],
"type": "object",
"additionalProperties": false
},
"status": {
"default": {
"observedGeneration": -1
},
"description": "ProviderStatus defines the observed state of Provider",
"properties": {
"conditions": {
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"observedGeneration": {
"description": "ObservedGeneration is the last reconciled generation.",
"format": "int64",
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

197
notification.toolkit.fluxcd.io/provider_v1beta2.json Normal file
View File

@ -0,0 +1,197 @@
{
"description": "Provider is the Schema for the providers API.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "ProviderSpec defines the desired state of the Provider.",
"properties": {
"address": {
"description": "Address specifies the endpoint, in a generic sense, to where alerts are sent.\nWhat kind of endpoint depends on the specific Provider type being used.\nFor the generic Provider, for example, this is an HTTP/S address.\nFor other Provider types this could be a project ID or a namespace.",
"maxLength": 2048,
"type": "string"
},
"certSecretRef": {
"description": "CertSecretRef specifies the Secret containing\na PEM-encoded CA certificate (in the `ca.crt` key).\n\nNote: Support for the `caFile` key has\nbeen deprecated.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"channel": {
"description": "Channel specifies the destination channel where events should be posted.",
"maxLength": 2048,
"type": "string"
},
"interval": {
"description": "Interval at which to reconcile the Provider with its Secret references.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$",
"type": "string"
},
"proxy": {
"description": "Proxy the HTTP/S address of the proxy server.",
"maxLength": 2048,
"pattern": "^(http|https)://.*$",
"type": "string"
},
"secretRef": {
"description": "SecretRef specifies the Secret containing the authentication\ncredentials for this Provider.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"suspend": {
"description": "Suspend tells the controller to suspend subsequent\nevents handling for this Provider.",
"type": "boolean"
},
"timeout": {
"description": "Timeout for sending alerts to the Provider.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$",
"type": "string"
},
"type": {
"description": "Type specifies which Provider implementation to use.",
"enum": [
"slack",
"discord",
"msteams",
"rocket",
"generic",
"generic-hmac",
"github",
"gitlab",
"gitea",
"bitbucketserver",
"bitbucket",
"azuredevops",
"googlechat",
"googlepubsub",
"webex",
"sentry",
"azureeventhub",
"telegram",
"lark",
"matrix",
"opsgenie",
"alertmanager",
"grafana",
"githubdispatch",
"pagerduty",
"datadog"
],
"type": "string"
},
"username": {
"description": "Username specifies the name under which events are posted.",
"maxLength": 2048,
"type": "string"
}
},
"required": [
"type"
],
"type": "object",
"additionalProperties": false
},
"status": {
"default": {
"observedGeneration": -1
},
"description": "ProviderStatus defines the observed state of the Provider.",
"properties": {
"conditions": {
"description": "Conditions holds the conditions for the Provider.",
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"lastHandledReconcileAt": {
"description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.",
"type": "string"
},
"observedGeneration": {
"description": "ObservedGeneration is the last reconciled generation.",
"format": "int64",
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

123
notification.toolkit.fluxcd.io/provider_v1beta3.json Normal file
View File

@ -0,0 +1,123 @@
{
"description": "Provider is the Schema for the providers API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "ProviderSpec defines the desired state of the Provider.",
"properties": {
"address": {
"description": "Address specifies the endpoint, in a generic sense, to where alerts are sent.\nWhat kind of endpoint depends on the specific Provider type being used.\nFor the generic Provider, for example, this is an HTTP/S address.\nFor other Provider types this could be a project ID or a namespace.",
"maxLength": 2048,
"type": "string"
},
"certSecretRef": {
"description": "CertSecretRef specifies the Secret containing\na PEM-encoded CA certificate (in the `ca.crt` key).\n\nNote: Support for the `caFile` key has\nbeen deprecated.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"channel": {
"description": "Channel specifies the destination channel where events should be posted.",
"maxLength": 2048,
"type": "string"
},
"interval": {
"description": "Interval at which to reconcile the Provider with its Secret references.\nDeprecated and not used in v1beta3.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$",
"type": "string"
},
"proxy": {
"description": "Proxy the HTTP/S address of the proxy server.",
"maxLength": 2048,
"pattern": "^(http|https)://.*$",
"type": "string"
},
"secretRef": {
"description": "SecretRef specifies the Secret containing the authentication\ncredentials for this Provider.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"suspend": {
"description": "Suspend tells the controller to suspend subsequent\nevents handling for this Provider.",
"type": "boolean"
},
"timeout": {
"description": "Timeout for sending alerts to the Provider.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$",
"type": "string"
},
"type": {
"description": "Type specifies which Provider implementation to use.",
"enum": [
"slack",
"discord",
"msteams",
"rocket",
"generic",
"generic-hmac",
"github",
"gitlab",
"gitea",
"bitbucketserver",
"bitbucket",
"azuredevops",
"googlechat",
"googlepubsub",
"webex",
"sentry",
"azureeventhub",
"telegram",
"lark",
"matrix",
"opsgenie",
"alertmanager",
"grafana",
"githubdispatch",
"pagerduty",
"datadog",
"nats"
],
"type": "string"
},
"username": {
"description": "Username specifies the name under which events are posted.",
"maxLength": 2048,
"type": "string"
}
},
"required": [
"type"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

211
notification.toolkit.fluxcd.io/receiver_v1.json Normal file
View File

@ -0,0 +1,211 @@
{
"description": "Receiver is the Schema for the receivers API.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "ReceiverSpec defines the desired state of the Receiver.",
"properties": {
"events": {
"description": "Events specifies the list of event types to handle,\ne.g. 'push' for GitHub or 'Push Hook' for GitLab.",
"items": {
"type": "string"
},
"type": "array"
},
"interval": {
"default": "10m",
"description": "Interval at which to reconcile the Receiver with its Secret references.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$",
"type": "string"
},
"resources": {
"description": "A list of resources to be notified about changes.",
"items": {
"description": "CrossNamespaceObjectReference contains enough information to let you locate the\ntyped referenced object at cluster level",
"properties": {
"apiVersion": {
"description": "API version of the referent",
"type": "string"
},
"kind": {
"description": "Kind of the referent",
"enum": [
"Bucket",
"GitRepository",
"Kustomization",
"HelmRelease",
"HelmChart",
"HelmRepository",
"ImageRepository",
"ImagePolicy",
"ImageUpdateAutomation",
"OCIRepository"
],
"type": "string"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.\nMatchLabels requires the name to be set to `*`.",
"type": "object"
},
"name": {
"description": "Name of the referent\nIf multiple resources are targeted `*` may be set.",
"maxLength": 53,
"minLength": 1,
"type": "string"
},
"namespace": {
"description": "Namespace of the referent",
"maxLength": 53,
"minLength": 1,
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"secretRef": {
"description": "SecretRef specifies the Secret containing the token used\nto validate the payload authenticity.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"suspend": {
"description": "Suspend tells the controller to suspend subsequent\nevents handling for this receiver.",
"type": "boolean"
},
"type": {
"description": "Type of webhook sender, used to determine\nthe validation procedure and payload deserialization.",
"enum": [
"generic",
"generic-hmac",
"github",
"gitlab",
"bitbucket",
"harbor",
"dockerhub",
"quay",
"gcr",
"nexus",
"acr",
"cdevents"
],
"type": "string"
}
},
"required": [
"resources",
"secretRef",
"type"
],
"type": "object",
"additionalProperties": false
},
"status": {
"default": {
"observedGeneration": -1
},
"description": "ReceiverStatus defines the observed state of the Receiver.",
"properties": {
"conditions": {
"description": "Conditions holds the conditions for the Receiver.",
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"lastHandledReconcileAt": {
"description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.",
"type": "string"
},
"observedGeneration": {
"description": "ObservedGeneration is the last observed generation of the Receiver object.",
"format": "int64",
"type": "integer"
},
"webhookPath": {
"description": "WebhookPath is the generated incoming webhook address in the format\nof '/hook/sha256sum(token+name+namespace)'.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

199
notification.toolkit.fluxcd.io/receiver_v1beta1.json Normal file
View File

@ -0,0 +1,199 @@
{
"description": "Receiver is the Schema for the receivers API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "ReceiverSpec defines the desired state of Receiver",
"properties": {
"events": {
"description": "A list of events to handle,\ne.g. 'push' for GitHub or 'Push Hook' for GitLab.",
"items": {
"type": "string"
},
"type": "array"
},
"resources": {
"description": "A list of resources to be notified about changes.",
"items": {
"description": "CrossNamespaceObjectReference contains enough information to let you locate the\ntyped referenced object at cluster level",
"properties": {
"apiVersion": {
"description": "API version of the referent",
"type": "string"
},
"kind": {
"description": "Kind of the referent",
"enum": [
"Bucket",
"GitRepository",
"Kustomization",
"HelmRelease",
"HelmChart",
"HelmRepository",
"ImageRepository",
"ImagePolicy",
"ImageUpdateAutomation",
"OCIRepository"
],
"type": "string"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
},
"name": {
"description": "Name of the referent",
"maxLength": 53,
"minLength": 1,
"type": "string"
},
"namespace": {
"description": "Namespace of the referent",
"maxLength": 53,
"minLength": 1,
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"secretRef": {
"description": "Secret reference containing the token used\nto validate the payload authenticity",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"suspend": {
"description": "This flag tells the controller to suspend subsequent events handling.\nDefaults to false.",
"type": "boolean"
},
"type": {
"description": "Type of webhook sender, used to determine\nthe validation procedure and payload deserialization.",
"enum": [
"generic",
"generic-hmac",
"github",
"gitlab",
"bitbucket",
"harbor",
"dockerhub",
"quay",
"gcr",
"nexus",
"acr"
],
"type": "string"
}
},
"required": [
"resources",
"secretRef",
"type"
],
"type": "object",
"additionalProperties": false
},
"status": {
"default": {
"observedGeneration": -1
},
"description": "ReceiverStatus defines the observed state of Receiver",
"properties": {
"conditions": {
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"observedGeneration": {
"description": "ObservedGeneration is the last observed generation.",
"format": "int64",
"type": "integer"
},
"url": {
"description": "Generated webhook URL in the format\nof '/hook/sha256sum(token+name+namespace)'.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

213
notification.toolkit.fluxcd.io/receiver_v1beta2.json Normal file
View File

@ -0,0 +1,213 @@
{
"description": "Receiver is the Schema for the receivers API.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "ReceiverSpec defines the desired state of the Receiver.",
"properties": {
"events": {
"description": "Events specifies the list of event types to handle,\ne.g. 'push' for GitHub or 'Push Hook' for GitLab.",
"items": {
"type": "string"
},
"type": "array"
},
"interval": {
"description": "Interval at which to reconcile the Receiver with its Secret references.",
"pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$",
"type": "string"
},
"resources": {
"description": "A list of resources to be notified about changes.",
"items": {
"description": "CrossNamespaceObjectReference contains enough information to let you locate the\ntyped referenced object at cluster level",
"properties": {
"apiVersion": {
"description": "API version of the referent",
"type": "string"
},
"kind": {
"description": "Kind of the referent",
"enum": [
"Bucket",
"GitRepository",
"Kustomization",
"HelmRelease",
"HelmChart",
"HelmRepository",
"ImageRepository",
"ImagePolicy",
"ImageUpdateAutomation",
"OCIRepository"
],
"type": "string"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.\nMatchLabels requires the name to be set to `*`.",
"type": "object"
},
"name": {
"description": "Name of the referent\nIf multiple resources are targeted `*` may be set.",
"maxLength": 53,
"minLength": 1,
"type": "string"
},
"namespace": {
"description": "Namespace of the referent",
"maxLength": 53,
"minLength": 1,
"type": "string"
}
},
"required": [
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"secretRef": {
"description": "SecretRef specifies the Secret containing the token used\nto validate the payload authenticity.",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"suspend": {
"description": "Suspend tells the controller to suspend subsequent\nevents handling for this receiver.",
"type": "boolean"
},
"type": {
"description": "Type of webhook sender, used to determine\nthe validation procedure and payload deserialization.",
"enum": [
"generic",
"generic-hmac",
"github",
"gitlab",
"bitbucket",
"harbor",
"dockerhub",
"quay",
"gcr",
"nexus",
"acr"
],
"type": "string"
}
},
"required": [
"resources",
"secretRef",
"type"
],
"type": "object",
"additionalProperties": false
},
"status": {
"default": {
"observedGeneration": -1
},
"description": "ReceiverStatus defines the observed state of the Receiver.",
"properties": {
"conditions": {
"description": "Conditions holds the conditions for the Receiver.",
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"lastHandledReconcileAt": {
"description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.",
"type": "string"
},
"observedGeneration": {
"description": "ObservedGeneration is the last observed generation of the Receiver object.",
"format": "int64",
"type": "integer"
},
"url": {
"description": "URL is the generated incoming webhook address in the format\nof '/hook/sha256sum(token+name+namespace)'.\nDeprecated: Replaced by WebhookPath.",
"type": "string"
},
"webhookPath": {
"description": "WebhookPath is the generated incoming webhook address in the format\nof '/hook/sha256sum(token+name+namespace)'.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

10
objectbucket.io/all-anyOf.json Normal file
View File

@ -0,0 +1,10 @@
{
"anyOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/objectbucket.io/objectbucket_v1alpha1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/objectbucket.io/objectbucketclaim_v1alpha1.json"
}
]
}

10
objectbucket.io/all-oneOf.json Normal file
View File

@ -0,0 +1,10 @@
{
"oneOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/objectbucket.io/objectbucket_v1alpha1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/objectbucket.io/objectbucketclaim_v1alpha1.json"
}
]
}

100
objectbucket.io/objectbucket_v1alpha1.json Normal file
View File

@ -0,0 +1,100 @@
{
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"description": "Standard object metadata.",
"type": "object"
},
"spec": {
"description": "Specification of the desired behavior of the bucket.",
"properties": {
"storageClassName": {
"description": "StorageClass names the StorageClass object representing the desired provisioner and parameters",
"type": "string"
},
"reclaimPolicy": {
"description": "Describes a policy for end-of-life maintenance of ObjectBucket.",
"enum": [
"Delete",
"Retain",
"Recycle"
],
"type": "string"
},
"claimRef": {
"description": "ObjectReference to ObjectBucketClaim",
"type": "object"
},
"endpoint": {
"description": "Endpoint contains all connection relevant data that an app may require for accessing the bucket",
"properties": {
"bucketHost": {
"description": "Bucket address hostname",
"type": "string"
},
"bucketPort": {
"description": "Bucket address port",
"type": "integer"
},
"bucketName": {
"description": "Bucket name",
"type": "string"
},
"region": {
"description": "Bucket region",
"type": "string"
},
"subRegion": {
"description": "Bucket sub-region",
"type": "string"
},
"additionalConfig": {
"description": "AdditionalConfig gives providers a location to set proprietary config values (tenant, namespace, etc)",
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"additionalProperties": false
},
"additionalState": {
"description": "additionalState gives providers a location to set proprietary config values (tenant, namespace, etc)",
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"required": [
"storageClassName"
],
"type": "object",
"additionalProperties": false
},
"status": {
"description": "Most recently observed status of the bucket.",
"properties": {
"phase": {
"description": "ObjectBucketStatusPhase is set by the controller to save the state of the provisioning process",
"enum": [
"Bound",
"Released",
"Failed"
],
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
}
}

62
objectbucket.io/objectbucketclaim_v1alpha1.json Normal file
View File

@ -0,0 +1,62 @@
{
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"description": "Standard object metadata.",
"type": "object"
},
"spec": {
"description": "Specification of the desired behavior of the claim.",
"properties": {
"storageClassName": {
"description": "StorageClass names the StorageClass object representing the desired provisioner and parameters",
"type": "string"
},
"bucketName": {
"description": "BucketName (not recommended) the name of the bucket. Caution! In-store bucket names may collide across namespaces. If you define the name yourself, try to make it as unique as possible.",
"type": "string"
},
"generateBucketName": {
"description": "GenerateBucketName (recommended) a prefix for a bucket name to be followed by a hyphen and 5 random characters. Protects against in-store name collisions.",
"type": "string"
},
"additionalConfig": {
"description": "AdditionalConfig gives providers a location to set proprietary config values (tenant, namespace, etc)",
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"required": [
"storageClassName"
],
"type": "object",
"additionalProperties": false
},
"status": {
"description": "Most recently observed status of the claim.",
"properties": {
"phase": {
"description": "ObjectBucketClaimStatusPhase is set by the controller to save the state of the provisioning process",
"enum": [
"Pending",
"Bound",
"Released",
"Failed"
],
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
}
}

22
postgresql.cnpg.io/all-anyOf.json Normal file
View File

@ -0,0 +1,22 @@
{
"anyOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/postgresql.cnpg.io/backup_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/postgresql.cnpg.io/cluster_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/postgresql.cnpg.io/clusterimagecatalog_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/postgresql.cnpg.io/imagecatalog_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/postgresql.cnpg.io/pooler_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/postgresql.cnpg.io/scheduledbackup_v1.json"
}
]
}

22
postgresql.cnpg.io/all-oneOf.json Normal file
View File

@ -0,0 +1,22 @@
{
"oneOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/postgresql.cnpg.io/backup_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/postgresql.cnpg.io/cluster_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/postgresql.cnpg.io/clusterimagecatalog_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/postgresql.cnpg.io/imagecatalog_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/postgresql.cnpg.io/pooler_v1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/postgresql.cnpg.io/scheduledbackup_v1.json"
}
]
}

467
postgresql.cnpg.io/backup_v1.json Normal file
View File

@ -0,0 +1,467 @@
{
"description": "Backup is the Schema for the backups API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "Specification of the desired behavior of the backup.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status",
"properties": {
"cluster": {
"description": "The cluster to backup",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"method": {
"default": "barmanObjectStore",
"description": "The backup method to be used, possible options are `barmanObjectStore`,\n`volumeSnapshot` or `plugin`. Defaults to: `barmanObjectStore`.",
"enum": [
"barmanObjectStore",
"volumeSnapshot",
"plugin"
],
"type": "string"
},
"online": {
"description": "Whether the default type of backup with volume snapshots is\nonline/hot (`true`, default) or offline/cold (`false`)\nOverrides the default setting specified in the cluster field '.spec.backup.volumeSnapshot.online'",
"type": "boolean"
},
"onlineConfiguration": {
"description": "Configuration parameters to control the online/hot backup with volume snapshots\nOverrides the default settings specified in the cluster '.backup.volumeSnapshot.onlineConfiguration' stanza",
"properties": {
"immediateCheckpoint": {
"description": "Control whether the I/O workload for the backup initial checkpoint will\nbe limited, according to the `checkpoint_completion_target` setting on\nthe PostgreSQL server. If set to true, an immediate checkpoint will be\nused, meaning PostgreSQL will complete the checkpoint as soon as\npossible. `false` by default.",
"type": "boolean"
},
"waitForArchive": {
"default": true,
"description": "If false, the function will return immediately after the backup is completed,\nwithout waiting for WAL to be archived.\nThis behavior is only useful with backup software that independently monitors WAL archiving.\nOtherwise, WAL required to make the backup consistent might be missing and make the backup useless.\nBy default, or when this parameter is true, pg_backup_stop will wait for WAL to be archived when archiving is\nenabled.\nOn a standby, this means that it will wait only when archive_mode = always.\nIf write activity on the primary is low, it may be useful to run pg_switch_wal on the primary in order to trigger\nan immediate segment switch.",
"type": "boolean"
}
},
"type": "object",
"additionalProperties": false
},
"pluginConfiguration": {
"description": "Configuration parameters passed to the plugin managing this backup",
"properties": {
"name": {
"description": "Name is the name of the plugin managing this backup",
"type": "string"
},
"parameters": {
"additionalProperties": {
"type": "string"
},
"description": "Parameters are the configuration parameters passed to the backup\nplugin for this backup",
"type": "object"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"target": {
"description": "The policy to decide which instance should perform this backup. If empty,\nit defaults to `cluster.spec.backup.target`.\nAvailable options are empty string, `primary` and `prefer-standby`.\n`primary` to have backups run always on primary instances,\n`prefer-standby` to have backups run preferably on the most updated\nstandby, if available.",
"enum": [
"primary",
"prefer-standby"
],
"type": "string"
}
},
"required": [
"cluster"
],
"type": "object",
"additionalProperties": false
},
"status": {
"description": "Most recently observed status of the backup. This data may not be up to\ndate. Populated by the system. Read-only.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status",
"properties": {
"azureCredentials": {
"description": "The credentials to use to upload data to Azure Blob Storage",
"properties": {
"connectionString": {
"description": "The connection string to be used",
"properties": {
"key": {
"description": "The key to select",
"type": "string"
},
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"key",
"name"
],
"type": "object",
"additionalProperties": false
},
"inheritFromAzureAD": {
"description": "Use the Azure AD based authentication without providing explicitly the keys.",
"type": "boolean"
},
"storageAccount": {
"description": "The storage account where to upload data",
"properties": {
"key": {
"description": "The key to select",
"type": "string"
},
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"key",
"name"
],
"type": "object",
"additionalProperties": false
},
"storageKey": {
"description": "The storage account key to be used in conjunction\nwith the storage account name",
"properties": {
"key": {
"description": "The key to select",
"type": "string"
},
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"key",
"name"
],
"type": "object",
"additionalProperties": false
},
"storageSasToken": {
"description": "A shared-access-signature to be used in conjunction with\nthe storage account name",
"properties": {
"key": {
"description": "The key to select",
"type": "string"
},
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"key",
"name"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"backupId": {
"description": "The ID of the Barman backup",
"type": "string"
},
"backupLabelFile": {
"description": "Backup label file content as returned by Postgres in case of online (hot) backups",
"format": "byte",
"type": "string"
},
"backupName": {
"description": "The Name of the Barman backup",
"type": "string"
},
"beginLSN": {
"description": "The starting xlog",
"type": "string"
},
"beginWal": {
"description": "The starting WAL",
"type": "string"
},
"commandError": {
"description": "The backup command output in case of error",
"type": "string"
},
"commandOutput": {
"description": "Unused. Retained for compatibility with old versions.",
"type": "string"
},
"destinationPath": {
"description": "The path where to store the backup (i.e. s3://bucket/path/to/folder)\nthis path, with different destination folders, will be used for WALs\nand for data. This may not be populated in case of errors.",
"type": "string"
},
"encryption": {
"description": "Encryption method required to S3 API",
"type": "string"
},
"endLSN": {
"description": "The ending xlog",
"type": "string"
},
"endWal": {
"description": "The ending WAL",
"type": "string"
},
"endpointCA": {
"description": "EndpointCA store the CA bundle of the barman endpoint.\nUseful when using self-signed certificates to avoid\nerrors with certificate issuer and barman-cloud-wal-archive.",
"properties": {
"key": {
"description": "The key to select",
"type": "string"
},
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"key",
"name"
],
"type": "object",
"additionalProperties": false
},
"endpointURL": {
"description": "Endpoint to be used to upload data to the cloud,\noverriding the automatic endpoint discovery",
"type": "string"
},
"error": {
"description": "The detected error",
"type": "string"
},
"googleCredentials": {
"description": "The credentials to use to upload data to Google Cloud Storage",
"properties": {
"applicationCredentials": {
"description": "The secret containing the Google Cloud Storage JSON file with the credentials",
"properties": {
"key": {
"description": "The key to select",
"type": "string"
},
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"key",
"name"
],
"type": "object",
"additionalProperties": false
},
"gkeEnvironment": {
"description": "If set to true, will presume that it's running inside a GKE environment,\ndefault to false.",
"type": "boolean"
}
},
"type": "object",
"additionalProperties": false
},
"instanceID": {
"description": "Information to identify the instance where the backup has been taken from",
"properties": {
"ContainerID": {
"description": "The container ID",
"type": "string"
},
"podName": {
"description": "The pod name",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"method": {
"description": "The backup method being used",
"type": "string"
},
"online": {
"description": "Whether the backup was online/hot (`true`) or offline/cold (`false`)",
"type": "boolean"
},
"phase": {
"description": "The last backup status",
"type": "string"
},
"s3Credentials": {
"description": "The credentials to use to upload data to S3",
"properties": {
"accessKeyId": {
"description": "The reference to the access key id",
"properties": {
"key": {
"description": "The key to select",
"type": "string"
},
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"key",
"name"
],
"type": "object",
"additionalProperties": false
},
"inheritFromIAMRole": {
"description": "Use the role based authentication without providing explicitly the keys.",
"type": "boolean"
},
"region": {
"description": "The reference to the secret containing the region name",
"properties": {
"key": {
"description": "The key to select",
"type": "string"
},
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"key",
"name"
],
"type": "object",
"additionalProperties": false
},
"secretAccessKey": {
"description": "The reference to the secret access key",
"properties": {
"key": {
"description": "The key to select",
"type": "string"
},
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"key",
"name"
],
"type": "object",
"additionalProperties": false
},
"sessionToken": {
"description": "The references to the session key",
"properties": {
"key": {
"description": "The key to select",
"type": "string"
},
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"key",
"name"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"serverName": {
"description": "The server name on S3, the cluster name is used if this\nparameter is omitted",
"type": "string"
},
"snapshotBackupStatus": {
"description": "Status of the volumeSnapshot backup",
"properties": {
"elements": {
"description": "The elements list, populated with the gathered volume snapshots",
"items": {
"description": "BackupSnapshotElementStatus is a volume snapshot that is part of a volume snapshot method backup",
"properties": {
"name": {
"description": "Name is the snapshot resource name",
"type": "string"
},
"tablespaceName": {
"description": "TablespaceName is the name of the snapshotted tablespace. Only set\nwhen type is PG_TABLESPACE",
"type": "string"
},
"type": {
"description": "Type is tho role of the snapshot in the cluster, such as PG_DATA, PG_WAL and PG_TABLESPACE",
"type": "string"
}
},
"required": [
"name",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"startedAt": {
"description": "When the backup was started",
"format": "date-time",
"type": "string"
},
"stoppedAt": {
"description": "When the backup was terminated",
"format": "date-time",
"type": "string"
},
"tablespaceMapFile": {
"description": "Tablespace map file content as returned by Postgres in case of online (hot) backups",
"format": "byte",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"metadata",
"spec"
],
"type": "object"
}

5574
postgresql.cnpg.io/cluster_v1.json Normal file
View File

File diff suppressed because it is too large Load Diff

63
postgresql.cnpg.io/clusterimagecatalog_v1.json Normal file
View File

@ -0,0 +1,63 @@
{
"description": "ClusterImageCatalog is the Schema for the clusterimagecatalogs API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "Specification of the desired behavior of the ClusterImageCatalog.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status",
"properties": {
"images": {
"description": "List of CatalogImages available in the catalog",
"items": {
"description": "CatalogImage defines the image and major version",
"properties": {
"image": {
"description": "The image reference",
"type": "string"
},
"major": {
"description": "The PostgreSQL major version of the image. Must be unique within the catalog.",
"minimum": 10,
"type": "integer"
}
},
"required": [
"image",
"major"
],
"type": "object",
"additionalProperties": false
},
"maxItems": 8,
"minItems": 1,
"type": "array",
"x-kubernetes-validations": [
{
"message": "Images must have unique major versions",
"rule": "self.all(e, self.filter(f, f.major==e.major).size() == 1)"
}
]
}
},
"required": [
"images"
],
"type": "object",
"additionalProperties": false
}
},
"required": [
"metadata",
"spec"
],
"type": "object"
}

63
postgresql.cnpg.io/imagecatalog_v1.json Normal file
View File

@ -0,0 +1,63 @@
{
"description": "ImageCatalog is the Schema for the imagecatalogs API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "Specification of the desired behavior of the ImageCatalog.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status",
"properties": {
"images": {
"description": "List of CatalogImages available in the catalog",
"items": {
"description": "CatalogImage defines the image and major version",
"properties": {
"image": {
"description": "The image reference",
"type": "string"
},
"major": {
"description": "The PostgreSQL major version of the image. Must be unique within the catalog.",
"minimum": 10,
"type": "integer"
}
},
"required": [
"image",
"major"
],
"type": "object",
"additionalProperties": false
},
"maxItems": 8,
"minItems": 1,
"type": "array",
"x-kubernetes-validations": [
{
"message": "Images must have unique major versions",
"rule": "self.all(e, self.filter(f, f.major==e.major).size() == 1)"
}
]
}
},
"required": [
"images"
],
"type": "object",
"additionalProperties": false
}
},
"required": [
"metadata",
"spec"
],
"type": "object"
}

7474
postgresql.cnpg.io/pooler_v1.json Normal file
View File

File diff suppressed because it is too large Load Diff

149
postgresql.cnpg.io/scheduledbackup_v1.json Normal file
View File

@ -0,0 +1,149 @@
{
"description": "ScheduledBackup is the Schema for the scheduledbackups API",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "Specification of the desired behavior of the ScheduledBackup.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status",
"properties": {
"backupOwnerReference": {
"default": "none",
"description": "Indicates which ownerReference should be put inside the created backup resources.<br />\n- none: no owner reference for created backup objects (same behavior as before the field was introduced)<br />\n- self: sets the Scheduled backup object as owner of the backup<br />\n- cluster: set the cluster as owner of the backup<br />",
"enum": [
"none",
"self",
"cluster"
],
"type": "string"
},
"cluster": {
"description": "The cluster to backup",
"properties": {
"name": {
"description": "Name of the referent.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"immediate": {
"description": "If the first backup has to be immediately start after creation or not",
"type": "boolean"
},
"method": {
"default": "barmanObjectStore",
"description": "The backup method to be used, possible options are `barmanObjectStore`,\n`volumeSnapshot` or `plugin`. Defaults to: `barmanObjectStore`.",
"enum": [
"barmanObjectStore",
"volumeSnapshot",
"plugin"
],
"type": "string"
},
"online": {
"description": "Whether the default type of backup with volume snapshots is\nonline/hot (`true`, default) or offline/cold (`false`)\nOverrides the default setting specified in the cluster field '.spec.backup.volumeSnapshot.online'",
"type": "boolean"
},
"onlineConfiguration": {
"description": "Configuration parameters to control the online/hot backup with volume snapshots\nOverrides the default settings specified in the cluster '.backup.volumeSnapshot.onlineConfiguration' stanza",
"properties": {
"immediateCheckpoint": {
"description": "Control whether the I/O workload for the backup initial checkpoint will\nbe limited, according to the `checkpoint_completion_target` setting on\nthe PostgreSQL server. If set to true, an immediate checkpoint will be\nused, meaning PostgreSQL will complete the checkpoint as soon as\npossible. `false` by default.",
"type": "boolean"
},
"waitForArchive": {
"default": true,
"description": "If false, the function will return immediately after the backup is completed,\nwithout waiting for WAL to be archived.\nThis behavior is only useful with backup software that independently monitors WAL archiving.\nOtherwise, WAL required to make the backup consistent might be missing and make the backup useless.\nBy default, or when this parameter is true, pg_backup_stop will wait for WAL to be archived when archiving is\nenabled.\nOn a standby, this means that it will wait only when archive_mode = always.\nIf write activity on the primary is low, it may be useful to run pg_switch_wal on the primary in order to trigger\nan immediate segment switch.",
"type": "boolean"
}
},
"type": "object",
"additionalProperties": false
},
"pluginConfiguration": {
"description": "Configuration parameters passed to the plugin managing this backup",
"properties": {
"name": {
"description": "Name is the name of the plugin managing this backup",
"type": "string"
},
"parameters": {
"additionalProperties": {
"type": "string"
},
"description": "Parameters are the configuration parameters passed to the backup\nplugin for this backup",
"type": "object"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"schedule": {
"description": "The schedule does not follow the same format used in Kubernetes CronJobs\nas it includes an additional seconds specifier,\nsee https://pkg.go.dev/github.com/robfig/cron#hdr-CRON_Expression_Format",
"type": "string"
},
"suspend": {
"description": "If this backup is suspended or not",
"type": "boolean"
},
"target": {
"description": "The policy to decide which instance should perform this backup. If empty,\nit defaults to `cluster.spec.backup.target`.\nAvailable options are empty string, `primary` and `prefer-standby`.\n`primary` to have backups run always on primary instances,\n`prefer-standby` to have backups run preferably on the most updated\nstandby, if available.",
"enum": [
"primary",
"prefer-standby"
],
"type": "string"
}
},
"required": [
"cluster",
"schedule"
],
"type": "object",
"additionalProperties": false
},
"status": {
"description": "Most recently observed status of the ScheduledBackup. This data may not be up\nto date. Populated by the system. Read-only.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status",
"properties": {
"lastCheckTime": {
"description": "The latest time the schedule",
"format": "date-time",
"type": "string"
},
"lastScheduleTime": {
"description": "Information when was the last time that backup was successfully scheduled.",
"format": "date-time",
"type": "string"
},
"nextScheduleTime": {
"description": "Next time we will run a backup",
"format": "date-time",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"metadata",
"spec"
],
"type": "object"
}

856
projectcalico.org/adminnetworkpolicy_v3alpha1.json Normal file
View File

@ -0,0 +1,856 @@
{
"description": "AdminNetworkPolicy is a cluster level resource that is part of the\nAdminNetworkPolicy API.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "Specification of the desired behavior of AdminNetworkPolicy.",
"properties": {
"egress": {
"description": "Egress is the list of Egress rules to be applied to the selected pods.\nA total of 100 rules will be allowed in each ANP instance.\nThe relative precedence of egress rules within a single ANP object (all of\nwhich share the priority) will be determined by the order in which the rule\nis written. Thus, a rule that appears at the top of the egress rules\nwould take the highest precedence.\nANPs with no egress rules do not affect egress traffic.\n\n\nSupport: Core",
"items": {
"description": "AdminNetworkPolicyEgressRule describes an action to take on a particular\nset of traffic originating from pods selected by a AdminNetworkPolicy's\nSubject field.\n<network-policy-api:experimental:validation>",
"properties": {
"action": {
"description": "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy)\nDeny: denies the selected traffic\nPass: instructs the selected traffic to skip any remaining ANP rules, and\nthen pass execution to any NetworkPolicies that select the pod.\nIf the pod is not selected by any NetworkPolicies then execution\nis passed to any BaselineAdminNetworkPolicies that select the pod.\n\n\nSupport: Core",
"enum": [
"Allow",
"Deny",
"Pass"
],
"type": "string"
},
"name": {
"description": "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nAdminNetworkPolicies.\n\n\nSupport: Core",
"maxLength": 100,
"type": "string"
},
"ports": {
"description": "Ports allows for matching traffic based on port and protocols.\nThis field is a list of destination ports for the outgoing egress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\n\nSupport: Core",
"items": {
"description": "AdminNetworkPolicyPort describes how to select network ports on pod(s).\nExactly one field must be set.",
"maxProperties": 1,
"minProperties": 1,
"properties": {
"namedPort": {
"description": "NamedPort selects a port on a pod(s) based on name.\n\n\nSupport: Extended\n\n\n<network-policy-api:experimental>",
"type": "string"
},
"portNumber": {
"description": "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core",
"properties": {
"port": {
"description": "Number defines a network port value.\n\n\nSupport: Core",
"format": "int32",
"maximum": 65535,
"minimum": 1,
"type": "integer"
},
"protocol": {
"default": "TCP",
"description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core",
"type": "string"
}
},
"required": [
"port",
"protocol"
],
"type": "object",
"additionalProperties": false
},
"portRange": {
"description": "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core",
"properties": {
"end": {
"description": "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core",
"format": "int32",
"maximum": 65535,
"minimum": 1,
"type": "integer"
},
"protocol": {
"default": "TCP",
"description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core",
"type": "string"
},
"start": {
"description": "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core",
"format": "int32",
"maximum": 65535,
"minimum": 1,
"type": "integer"
}
},
"required": [
"end",
"start"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"maxItems": 100,
"type": "array"
},
"to": {
"description": "To is the List of destinations whose traffic this rule applies to.\nIf any AdminNetworkPolicyEgressPeer matches the destination of outgoing\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core",
"items": {
"description": "AdminNetworkPolicyEgressPeer defines a peer to allow traffic to.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed.",
"maxProperties": 1,
"minProperties": 1,
"properties": {
"namespaces": {
"description": "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"networks": {
"description": "Networks defines a way to select peers via CIDR blocks.\nThis is intended for representing entities that live outside the cluster,\nwhich can't be selected by pods, namespaces and nodes peers, but note\nthat cluster-internal traffic will be checked against the rule as\nwell. So if you Allow or Deny traffic to `\"0.0.0.0/0\"`, that will allow\nor deny all IPv4 pod-to-pod traffic as well. If you don't want that,\nadd a rule that Passes all pod traffic before the Networks rule.\n\n\nEach item in Networks should be provided in the CIDR format and should be\nIPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".\n\n\nNetworks can have upto 25 CIDRs specified.\n\n\nSupport: Extended\n\n\n<network-policy-api:experimental>",
"items": {
"description": "CIDR is an IP address range in CIDR notation (for example, \"10.0.0.0/8\" or \"fd00::/8\").\nThis string must be validated by implementations using net.ParseCIDR\nTODO: Introduce CEL CIDR validation regex isCIDR() in Kube 1.31 when it is available.",
"maxLength": 43,
"type": "string",
"x-kubernetes-validations": [
{
"message": "CIDR must be either an IPv4 or IPv6 address. IPv4 address embedded in IPv6 addresses are not supported",
"rule": "self.contains(':') != self.contains('.')"
}
]
},
"maxItems": 25,
"minItems": 1,
"type": "array",
"x-kubernetes-list-type": "set"
},
"nodes": {
"description": "Nodes defines a way to select a set of nodes in\nthe cluster. This field follows standard label selector\nsemantics; if present but empty, it selects all Nodes.\n\n\nSupport: Extended\n\n\n<network-policy-api:experimental>",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"pods": {
"description": "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core",
"properties": {
"namespaceSelector": {
"description": "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces.",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"podSelector": {
"description": "PodSelector is used to explicitly select pods within a namespace; if empty,\nit selects all Pods.",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
}
},
"required": [
"namespaceSelector",
"podSelector"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"maxItems": 100,
"minItems": 1,
"type": "array"
}
},
"required": [
"action",
"to"
],
"type": "object",
"x-kubernetes-validations": [
{
"message": "networks/nodes peer cannot be set with namedPorts since there are no namedPorts for networks/nodes",
"rule": "!(self.to.exists(peer, has(peer.networks) || has(peer.nodes)) && has(self.ports) && self.ports.exists(port, has(port.namedPort)))"
}
],
"additionalProperties": false
},
"maxItems": 100,
"type": "array"
},
"ingress": {
"description": "Ingress is the list of Ingress rules to be applied to the selected pods.\nA total of 100 rules will be allowed in each ANP instance.\nThe relative precedence of ingress rules within a single ANP object (all of\nwhich share the priority) will be determined by the order in which the rule\nis written. Thus, a rule that appears at the top of the ingress rules\nwould take the highest precedence.\nANPs with no ingress rules do not affect ingress traffic.\n\n\nSupport: Core",
"items": {
"description": "AdminNetworkPolicyIngressRule describes an action to take on a particular\nset of traffic destined for pods selected by an AdminNetworkPolicy's\nSubject field.",
"properties": {
"action": {
"description": "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy)\nDeny: denies the selected traffic\nPass: instructs the selected traffic to skip any remaining ANP rules, and\nthen pass execution to any NetworkPolicies that select the pod.\nIf the pod is not selected by any NetworkPolicies then execution\nis passed to any BaselineAdminNetworkPolicies that select the pod.\n\n\nSupport: Core",
"enum": [
"Allow",
"Deny",
"Pass"
],
"type": "string"
},
"from": {
"description": "From is the list of sources whose traffic this rule applies to.\nIf any AdminNetworkPolicyIngressPeer matches the source of incoming\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core",
"items": {
"description": "AdminNetworkPolicyIngressPeer defines an in-cluster peer to allow traffic from.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed.",
"maxProperties": 1,
"minProperties": 1,
"properties": {
"namespaces": {
"description": "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"pods": {
"description": "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core",
"properties": {
"namespaceSelector": {
"description": "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces.",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"podSelector": {
"description": "PodSelector is used to explicitly select pods within a namespace; if empty,\nit selects all Pods.",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
}
},
"required": [
"namespaceSelector",
"podSelector"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"maxItems": 100,
"minItems": 1,
"type": "array"
},
"name": {
"description": "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nAdminNetworkPolicies.\n\n\nSupport: Core",
"maxLength": 100,
"type": "string"
},
"ports": {
"description": "Ports allows for matching traffic based on port and protocols.\nThis field is a list of ports which should be matched on\nthe pods selected for this policy i.e the subject of the policy.\nSo it matches on the destination port for the ingress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\n\nSupport: Core",
"items": {
"description": "AdminNetworkPolicyPort describes how to select network ports on pod(s).\nExactly one field must be set.",
"maxProperties": 1,
"minProperties": 1,
"properties": {
"namedPort": {
"description": "NamedPort selects a port on a pod(s) based on name.\n\n\nSupport: Extended\n\n\n<network-policy-api:experimental>",
"type": "string"
},
"portNumber": {
"description": "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core",
"properties": {
"port": {
"description": "Number defines a network port value.\n\n\nSupport: Core",
"format": "int32",
"maximum": 65535,
"minimum": 1,
"type": "integer"
},
"protocol": {
"default": "TCP",
"description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core",
"type": "string"
}
},
"required": [
"port",
"protocol"
],
"type": "object",
"additionalProperties": false
},
"portRange": {
"description": "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core",
"properties": {
"end": {
"description": "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core",
"format": "int32",
"maximum": 65535,
"minimum": 1,
"type": "integer"
},
"protocol": {
"default": "TCP",
"description": "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core",
"type": "string"
},
"start": {
"description": "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core",
"format": "int32",
"maximum": 65535,
"minimum": 1,
"type": "integer"
}
},
"required": [
"end",
"start"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"maxItems": 100,
"type": "array"
}
},
"required": [
"action",
"from"
],
"type": "object",
"additionalProperties": false
},
"maxItems": 100,
"type": "array"
},
"priority": {
"description": "Priority is a value from 0 to 1000. Rules with lower priority values have\nhigher precedence, and are checked before rules with higher priority values.\nAll AdminNetworkPolicy rules have higher precedence than NetworkPolicy or\nBaselineAdminNetworkPolicy rules\nThe behavior is undefined if two ANP objects have same priority.\n\n\nSupport: Core",
"format": "int32",
"maximum": 1000,
"minimum": 0,
"type": "integer"
},
"subject": {
"description": "Subject defines the pods to which this AdminNetworkPolicy applies.\nNote that host-networked pods are not included in subject selection.\n\n\nSupport: Core",
"maxProperties": 1,
"minProperties": 1,
"properties": {
"namespaces": {
"description": "Namespaces is used to select pods via namespace selectors.",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"pods": {
"description": "Pods is used to select pods via namespace AND pod selectors.",
"properties": {
"namespaceSelector": {
"description": "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces.",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
},
"podSelector": {
"description": "PodSelector is used to explicitly select pods within a namespace; if empty,\nit selects all Pods.",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
"properties": {
"key": {
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"key",
"operator"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"matchLabels": {
"additionalProperties": {
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic",
"additionalProperties": false
}
},
"required": [
"namespaceSelector",
"podSelector"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"priority",
"subject"
],
"type": "object",
"additionalProperties": false
},
"status": {
"description": "Status is the status to be reported by the implementation.",
"properties": {
"conditions": {
"items": {
"description": "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}",
"properties": {
"lastTransitionTime": {
"description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
"format": "date-time",
"type": "string"
},
"message": {
"description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.",
"maxLength": 32768,
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
"format": "int64",
"minimum": 0,
"type": "integer"
},
"reason": {
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.",
"maxLength": 1024,
"minLength": 1,
"pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$",
"type": "string"
},
"status": {
"description": "status of the condition, one of True, False, Unknown.",
"enum": [
"True",
"False",
"Unknown"
],
"type": "string"
},
"type": {
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)",
"maxLength": 316,
"pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$",
"type": "string"
}
},
"required": [
"lastTransitionTime",
"message",
"reason",
"status",
"type"
],
"type": "object",
"additionalProperties": false
},
"type": "array",
"x-kubernetes-list-map-keys": [
"type"
],
"x-kubernetes-list-type": "map"
}
},
"required": [
"conditions"
],
"type": "object",
"additionalProperties": false
}
},
"required": [
"metadata",
"spec"
],
"type": "object"
}

64
projectcalico.org/all-anyOf.json Normal file
View File

@ -0,0 +1,64 @@
{
"anyOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/adminnetworkpolicy_v3alpha1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/bgpconfiguration_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/bgpfilter_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/bgppeer_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/blockaffinity_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/caliconodestatus_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/clusterinformation_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/felixconfiguration_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/globalnetworkpolicy_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/globalnetworkset_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/hostendpoint_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/ipamblock_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/ipamconfig_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/ipamhandle_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/ippool_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/ipreservation_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/kubecontrollersconfiguration_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/networkpolicy_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/networkset_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/tier_v3.json"
}
]
}

64
projectcalico.org/all-oneOf.json Normal file
View File

@ -0,0 +1,64 @@
{
"oneOf": [
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/adminnetworkpolicy_v3alpha1.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/bgpconfiguration_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/bgpfilter_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/bgppeer_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/blockaffinity_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/caliconodestatus_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/clusterinformation_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/felixconfiguration_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/globalnetworkpolicy_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/globalnetworkset_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/hostendpoint_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/ipamblock_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/ipamconfig_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/ipamhandle_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/ippool_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/ipreservation_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/kubecontrollersconfiguration_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/networkpolicy_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/networkset_v3.json"
},
{
"$ref": "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/projectcalico.org/tier_v3.json"
}
]
}

171
projectcalico.org/bgpconfiguration_v3.json Normal file
View File

@ -0,0 +1,171 @@
{
"description": "BGPConfiguration contains the configuration for any BGP routing.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "BGPConfigurationSpec contains the values of the BGP configuration.",
"properties": {
"asNumber": {
"description": "ASNumber is the default AS number used by a node. [Default: 64512]",
"format": "int32",
"type": "integer"
},
"bindMode": {
"description": "BindMode indicates whether to listen for BGP connections on all addresses (None) or only on the node's canonical IP address Node.Spec.BGP.IPvXAddress (NodeIP). Default behaviour is to listen for BGP connections on all addresses.",
"type": "string"
},
"communities": {
"description": "Communities is a list of BGP community values and their arbitrary names for tagging routes.",
"items": {
"description": "Community contains standard or large community value and its name.",
"properties": {
"name": {
"description": "Name given to community value.",
"type": "string"
},
"value": {
"description": "Value must be of format `aa:nn` or `aa:nn:mm`. For standard community use `aa:nn` format, where `aa` and `nn` are 16 bit number. For large community use `aa:nn:mm` format, where `aa`, `nn` and `mm` are 32 bit number. Where, `aa` is an AS Number, `nn` and `mm` are per-AS identifier.",
"pattern": "^(\\d+):(\\d+)$|^(\\d+):(\\d+):(\\d+)$",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"ignoredInterfaces": {
"description": "IgnoredInterfaces indicates the network interfaces that needs to be excluded when reading device routes.",
"items": {
"type": "string"
},
"type": "array"
},
"listenPort": {
"description": "ListenPort is the port where BGP protocol should listen. Defaults to 179",
"maximum": 65535,
"minimum": 1,
"type": "integer"
},
"logSeverityScreen": {
"description": "LogSeverityScreen is the log severity above which logs are sent to the stdout. [Default: INFO]",
"type": "string"
},
"nodeMeshMaxRestartTime": {
"description": "Time to allow for software restart for node-to-mesh peerings. When specified, this is configured as the graceful restart timeout. When not specified, the BIRD default of 120s is used. This field can only be set on the default BGPConfiguration instance and requires that NodeMesh is enabled",
"type": "string"
},
"nodeMeshPassword": {
"description": "Optional BGP password for full node-to-mesh peerings. This field can only be set on the default BGPConfiguration instance and requires that NodeMesh is enabled",
"properties": {
"secretKeyRef": {
"description": "Selects a key of a secret in the node pod's namespace.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"nodeToNodeMeshEnabled": {
"description": "NodeToNodeMeshEnabled sets whether full node to node BGP mesh is enabled. [Default: true]",
"type": "boolean"
},
"prefixAdvertisements": {
"description": "PrefixAdvertisements contains per-prefix advertisement configuration.",
"items": {
"description": "PrefixAdvertisement configures advertisement properties for the specified CIDR.",
"properties": {
"cidr": {
"description": "CIDR for which properties should be advertised.",
"type": "string"
},
"communities": {
"description": "Communities can be list of either community names already defined in `Specs.Communities` or community value of format `aa:nn` or `aa:nn:mm`. For standard community use `aa:nn` format, where `aa` and `nn` are 16 bit number. For large community use `aa:nn:mm` format, where `aa`, `nn` and `mm` are 32 bit number. Where,`aa` is an AS Number, `nn` and `mm` are per-AS identifier.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"serviceClusterIPs": {
"description": "ServiceClusterIPs are the CIDR blocks from which service cluster IPs are allocated. If specified, Calico will advertise these blocks, as well as any cluster IPs within them.",
"items": {
"description": "ServiceClusterIPBlock represents a single allowed ClusterIP CIDR block.",
"properties": {
"cidr": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"serviceExternalIPs": {
"description": "ServiceExternalIPs are the CIDR blocks for Kubernetes Service External IPs. Kubernetes Service ExternalIPs will only be advertised if they are within one of these blocks.",
"items": {
"description": "ServiceExternalIPBlock represents a single allowed External IP CIDR block.",
"properties": {
"cidr": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"serviceLoadBalancerIPs": {
"description": "ServiceLoadBalancerIPs are the CIDR blocks for Kubernetes Service LoadBalancer IPs. Kubernetes Service status.LoadBalancer.Ingress IPs will only be advertised if they are within one of these blocks.",
"items": {
"description": "ServiceLoadBalancerIPBlock represents a single allowed LoadBalancer IP CIDR block.",
"properties": {
"cidr": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

211
projectcalico.org/bgpfilter_v3.json Normal file
View File

@ -0,0 +1,211 @@
{
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "BGPFilterSpec contains the IPv4 and IPv6 filter rules of the BGP Filter.",
"properties": {
"exportV4": {
"description": "The ordered set of IPv4 BGPFilter rules acting on exporting routes to a peer.",
"items": {
"description": "BGPFilterRuleV4 defines a BGP filter rule consisting a single IPv4 CIDR block and a filter action for this CIDR.",
"properties": {
"action": {
"type": "string"
},
"cidr": {
"type": "string"
},
"interface": {
"type": "string"
},
"matchOperator": {
"type": "string"
},
"prefixLength": {
"properties": {
"max": {
"format": "int32",
"maximum": 32,
"minimum": 0,
"type": "integer"
},
"min": {
"format": "int32",
"maximum": 32,
"minimum": 0,
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
},
"source": {
"type": "string"
}
},
"required": [
"action"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"exportV6": {
"description": "The ordered set of IPv6 BGPFilter rules acting on exporting routes to a peer.",
"items": {
"description": "BGPFilterRuleV6 defines a BGP filter rule consisting a single IPv6 CIDR block and a filter action for this CIDR.",
"properties": {
"action": {
"type": "string"
},
"cidr": {
"type": "string"
},
"interface": {
"type": "string"
},
"matchOperator": {
"type": "string"
},
"prefixLength": {
"properties": {
"max": {
"format": "int32",
"maximum": 128,
"minimum": 0,
"type": "integer"
},
"min": {
"format": "int32",
"maximum": 128,
"minimum": 0,
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
},
"source": {
"type": "string"
}
},
"required": [
"action"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"importV4": {
"description": "The ordered set of IPv4 BGPFilter rules acting on importing routes from a peer.",
"items": {
"description": "BGPFilterRuleV4 defines a BGP filter rule consisting a single IPv4 CIDR block and a filter action for this CIDR.",
"properties": {
"action": {
"type": "string"
},
"cidr": {
"type": "string"
},
"interface": {
"type": "string"
},
"matchOperator": {
"type": "string"
},
"prefixLength": {
"properties": {
"max": {
"format": "int32",
"maximum": 32,
"minimum": 0,
"type": "integer"
},
"min": {
"format": "int32",
"maximum": 32,
"minimum": 0,
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
},
"source": {
"type": "string"
}
},
"required": [
"action"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"importV6": {
"description": "The ordered set of IPv6 BGPFilter rules acting on importing routes from a peer.",
"items": {
"description": "BGPFilterRuleV6 defines a BGP filter rule consisting a single IPv6 CIDR block and a filter action for this CIDR.",
"properties": {
"action": {
"type": "string"
},
"cidr": {
"type": "string"
},
"interface": {
"type": "string"
},
"matchOperator": {
"type": "string"
},
"prefixLength": {
"properties": {
"max": {
"format": "int32",
"maximum": 128,
"minimum": 0,
"type": "integer"
},
"min": {
"format": "int32",
"maximum": 128,
"minimum": 0,
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
},
"source": {
"type": "string"
}
},
"required": [
"action"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

105
projectcalico.org/bgppeer_v3.json Normal file
View File

@ -0,0 +1,105 @@
{
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "BGPPeerSpec contains the specification for a BGPPeer resource.",
"properties": {
"asNumber": {
"description": "The AS Number of the peer.",
"format": "int32",
"type": "integer"
},
"filters": {
"description": "The ordered set of BGPFilters applied on this BGP peer.",
"items": {
"type": "string"
},
"type": "array"
},
"keepOriginalNextHop": {
"description": "Option to keep the original nexthop field when routes are sent to a BGP Peer. Setting \"true\" configures the selected BGP Peers node to use the \"next hop keep;\" instead of \"next hop self;\"(default) in the specific branch of the Node on \"bird.cfg\".",
"type": "boolean"
},
"maxRestartTime": {
"description": "Time to allow for software restart. When specified, this is configured as the graceful restart timeout. When not specified, the BIRD default of 120s is used.",
"type": "string"
},
"node": {
"description": "The node name identifying the Calico node instance that is targeted by this peer. If this is not set, and no nodeSelector is specified, then this BGP peer selects all nodes in the cluster.",
"type": "string"
},
"nodeSelector": {
"description": "Selector for the nodes that should have this peering. When this is set, the Node field must be empty.",
"type": "string"
},
"numAllowedLocalASNumbers": {
"description": "Maximum number of local AS numbers that are allowed in the AS path for received routes. This removes BGP loop prevention and should only be used if absolutely necessary.",
"format": "int32",
"type": "integer"
},
"password": {
"description": "Optional BGP password for the peerings generated by this BGPPeer resource.",
"properties": {
"secretKeyRef": {
"description": "Selects a key of a secret in the node pod's namespace.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
"type": "string"
},
"name": {
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?",
"type": "string"
},
"optional": {
"description": "Specify whether the Secret or its key must be defined",
"type": "boolean"
}
},
"required": [
"key"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"peerIP": {
"description": "The IP address of the peer followed by an optional port number to peer with. If port number is given, format should be `[<IPv6>]:port` or `<IPv4>:<port>` for IPv4. If optional port number is not set, and this peer IP and ASNumber belongs to a calico/node with ListenPort set in BGPConfiguration, then we use that port to peer.",
"type": "string"
},
"peerSelector": {
"description": "Selector for the remote nodes to peer with. When this is set, the PeerIP and ASNumber fields must be empty. For each peering between the local node and selected remote nodes, we configure an IPv4 peering if both ends have NodeBGPSpec.IPv4Address specified, and an IPv6 peering if both ends have NodeBGPSpec.IPv6Address specified. The remote AS number comes from the remote node's NodeBGPSpec.ASNumber, or the global default if that is not set.",
"type": "string"
},
"reachableBy": {
"description": "Add an exact, i.e. /32, static route toward peer IP in order to prevent route flapping. ReachableBy contains the address of the gateway which peer can be reached by.",
"type": "string"
},
"sourceAddress": {
"description": "Specifies whether and how to configure a source address for the peerings generated by this BGPPeer resource. Default value \"UseNodeIP\" means to configure the node IP as the source address. \"None\" means not to configure a source address.",
"type": "string"
},
"ttlSecurity": {
"description": "TTLSecurity enables the generalized TTL security mechanism (GTSM) which protects against spoofed packets by ignoring received packets with a smaller than expected TTL value. The provided value is the number of hops (edges) between the peers.",
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

42
projectcalico.org/blockaffinity_v3.json Normal file
View File

@ -0,0 +1,42 @@
{
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "BlockAffinitySpec contains the specification for a BlockAffinity resource.",
"properties": {
"cidr": {
"type": "string"
},
"deleted": {
"description": "Deleted indicates that this block affinity is being deleted. This field is a string for compatibility with older releases that mistakenly treat this field as a string.",
"type": "string"
},
"node": {
"type": "string"
},
"state": {
"type": "string"
}
},
"required": [
"cidr",
"deleted",
"node",
"state"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

287
projectcalico.org/caliconodestatus_v3.json Normal file
View File

@ -0,0 +1,287 @@
{
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "CalicoNodeStatusSpec contains the specification for a CalicoNodeStatus resource.",
"properties": {
"classes": {
"description": "Classes declares the types of information to monitor for this calico/node, and allows for selective status reporting about certain subsets of information.",
"items": {
"type": "string"
},
"type": "array"
},
"node": {
"description": "The node name identifies the Calico node instance for node status.",
"type": "string"
},
"updatePeriodSeconds": {
"description": "UpdatePeriodSeconds is the period at which CalicoNodeStatus should be updated. Set to 0 to disable CalicoNodeStatus refresh. Maximum update period is one day.",
"format": "int32",
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
},
"status": {
"description": "CalicoNodeStatusStatus defines the observed state of CalicoNodeStatus. No validation needed for status since it is updated by Calico.",
"properties": {
"agent": {
"description": "Agent holds agent status on the node.",
"properties": {
"birdV4": {
"description": "BIRDV4 represents the latest observed status of bird4.",
"properties": {
"lastBootTime": {
"description": "LastBootTime holds the value of lastBootTime from bird.ctl output.",
"type": "string"
},
"lastReconfigurationTime": {
"description": "LastReconfigurationTime holds the value of lastReconfigTime from bird.ctl output.",
"type": "string"
},
"routerID": {
"description": "Router ID used by bird.",
"type": "string"
},
"state": {
"description": "The state of the BGP Daemon.",
"type": "string"
},
"version": {
"description": "Version of the BGP daemon",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"birdV6": {
"description": "BIRDV6 represents the latest observed status of bird6.",
"properties": {
"lastBootTime": {
"description": "LastBootTime holds the value of lastBootTime from bird.ctl output.",
"type": "string"
},
"lastReconfigurationTime": {
"description": "LastReconfigurationTime holds the value of lastReconfigTime from bird.ctl output.",
"type": "string"
},
"routerID": {
"description": "Router ID used by bird.",
"type": "string"
},
"state": {
"description": "The state of the BGP Daemon.",
"type": "string"
},
"version": {
"description": "Version of the BGP daemon",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"bgp": {
"description": "BGP holds node BGP status.",
"properties": {
"numberEstablishedV4": {
"description": "The total number of IPv4 established bgp sessions.",
"type": "integer"
},
"numberEstablishedV6": {
"description": "The total number of IPv6 established bgp sessions.",
"type": "integer"
},
"numberNotEstablishedV4": {
"description": "The total number of IPv4 non-established bgp sessions.",
"type": "integer"
},
"numberNotEstablishedV6": {
"description": "The total number of IPv6 non-established bgp sessions.",
"type": "integer"
},
"peersV4": {
"description": "PeersV4 represents IPv4 BGP peers status on the node.",
"items": {
"description": "CalicoNodePeer contains the status of BGP peers on the node.",
"properties": {
"peerIP": {
"description": "IP address of the peer whose condition we are reporting.",
"type": "string"
},
"since": {
"description": "Since the state or reason last changed.",
"type": "string"
},
"state": {
"description": "State is the BGP session state.",
"type": "string"
},
"type": {
"description": "Type indicates whether this peer is configured via the node-to-node mesh, or via en explicit global or per-node BGPPeer object.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"peersV6": {
"description": "PeersV6 represents IPv6 BGP peers status on the node.",
"items": {
"description": "CalicoNodePeer contains the status of BGP peers on the node.",
"properties": {
"peerIP": {
"description": "IP address of the peer whose condition we are reporting.",
"type": "string"
},
"since": {
"description": "Since the state or reason last changed.",
"type": "string"
},
"state": {
"description": "State is the BGP session state.",
"type": "string"
},
"type": {
"description": "Type indicates whether this peer is configured via the node-to-node mesh, or via en explicit global or per-node BGPPeer object.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"required": [
"numberEstablishedV4",
"numberEstablishedV6",
"numberNotEstablishedV4",
"numberNotEstablishedV6"
],
"type": "object",
"additionalProperties": false
},
"lastUpdated": {
"description": "LastUpdated is a timestamp representing the server time when CalicoNodeStatus object last updated. It is represented in RFC3339 form and is in UTC.",
"format": "date-time",
"nullable": true,
"type": "string"
},
"routes": {
"description": "Routes reports routes known to the Calico BGP daemon on the node.",
"properties": {
"routesV4": {
"description": "RoutesV4 represents IPv4 routes on the node.",
"items": {
"description": "CalicoNodeRoute contains the status of BGP routes on the node.",
"properties": {
"destination": {
"description": "Destination of the route.",
"type": "string"
},
"gateway": {
"description": "Gateway for the destination.",
"type": "string"
},
"interface": {
"description": "Interface for the destination",
"type": "string"
},
"learnedFrom": {
"description": "LearnedFrom contains information regarding where this route originated.",
"properties": {
"peerIP": {
"description": "If sourceType is NodeMesh or BGPPeer, IP address of the router that sent us this route.",
"type": "string"
},
"sourceType": {
"description": "Type of the source where a route is learned from.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"type": {
"description": "Type indicates if the route is being used for forwarding or not.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"routesV6": {
"description": "RoutesV6 represents IPv6 routes on the node.",
"items": {
"description": "CalicoNodeRoute contains the status of BGP routes on the node.",
"properties": {
"destination": {
"description": "Destination of the route.",
"type": "string"
},
"gateway": {
"description": "Gateway for the destination.",
"type": "string"
},
"interface": {
"description": "Interface for the destination",
"type": "string"
},
"learnedFrom": {
"description": "LearnedFrom contains information regarding where this route originated.",
"properties": {
"peerIP": {
"description": "If sourceType is NodeMesh or BGPPeer, IP address of the router that sent us this route.",
"type": "string"
},
"sourceType": {
"description": "Type of the source where a route is learned from.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"type": {
"description": "Type indicates if the route is being used for forwarding or not.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

44
projectcalico.org/clusterinformation_v3.json Normal file
View File

@ -0,0 +1,44 @@
{
"description": "ClusterInformation contains the cluster specific information.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "ClusterInformationSpec contains the values of describing the cluster.",
"properties": {
"calicoVersion": {
"description": "CalicoVersion is the version of Calico that the cluster is running",
"type": "string"
},
"clusterGUID": {
"description": "ClusterGUID is the GUID of the cluster",
"type": "string"
},
"clusterType": {
"description": "ClusterType describes the type of the cluster",
"type": "string"
},
"datastoreReady": {
"description": "DatastoreReady is used during significant datastore migrations to signal to components such as Felix that it should wait before accessing the datastore.",
"type": "boolean"
},
"variant": {
"description": "Variant declares which variant of Calico should be active.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

793
projectcalico.org/felixconfiguration_v3.json Normal file
View File

@ -0,0 +1,793 @@
{
"description": "Felix Configuration contains the configuration for Felix.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "FelixConfigurationSpec contains the values of the Felix configuration.",
"properties": {
"allowIPIPPacketsFromWorkloads": {
"description": "AllowIPIPPacketsFromWorkloads controls whether Felix will add a rule to drop IPIP encapsulated traffic from workloads [Default: false]",
"type": "boolean"
},
"allowVXLANPacketsFromWorkloads": {
"description": "AllowVXLANPacketsFromWorkloads controls whether Felix will add a rule to drop VXLAN encapsulated traffic from workloads [Default: false]",
"type": "boolean"
},
"awsSrcDstCheck": {
"description": "Set source-destination-check on AWS EC2 instances. Accepted value must be one of \"DoNothing\", \"Enable\" or \"Disable\". [Default: DoNothing]",
"enum": [
"DoNothing",
"Enable",
"Disable"
],
"type": "string"
},
"bpfCTLBLogFilter": {
"description": "BPFCTLBLogFilter specifies, what is logged by connect time load balancer when BPFLogLevel is debug. Currently has to be specified as 'all' when BPFLogFilters is set to see CTLB logs. [Default: unset - means logs are emitted when BPFLogLevel id debug and BPFLogFilters not set.]",
"type": "string"
},
"bpfConnectTimeLoadBalancing": {
"description": "BPFConnectTimeLoadBalancing when in BPF mode, controls whether Felix installs the connect-time load balancer. The connect-time load balancer is required for the host to be able to reach Kubernetes services and it improves the performance of pod-to-service connections.When set to TCP, connect time load balancing is available only for services with TCP ports. [Default: TCP]",
"enum": [
"TCP",
"Enabled",
"Disabled"
],
"type": "string"
},
"bpfConnectTimeLoadBalancingEnabled": {
"description": "BPFConnectTimeLoadBalancingEnabled when in BPF mode, controls whether Felix installs the connection-time load balancer. The connect-time load balancer is required for the host to be able to reach Kubernetes services and it improves the performance of pod-to-service connections. The only reason to disable it is for debugging purposes. This will be deprecated. Use BPFConnectTimeLoadBalancing [Default: true]",
"type": "boolean"
},
"bpfDSROptoutCIDRs": {
"description": "BPFDSROptoutCIDRs is a list of CIDRs which are excluded from DSR. That is, clients in those CIDRs will accesses nodeports as if BPFExternalServiceMode was set to Tunnel.",
"items": {
"type": "string"
},
"type": "array"
},
"bpfDataIfacePattern": {
"description": "BPFDataIfacePattern is a regular expression that controls which interfaces Felix should attach BPF programs to in order to catch traffic to/from the network. This needs to match the interfaces that Calico workload traffic flows over as well as any interfaces that handle incoming traffic to nodeports and services from outside the cluster. It should not match the workload interfaces (usually named cali...).",
"type": "string"
},
"bpfDisableGROForIfaces": {
"description": "BPFDisableGROForIfaces is a regular expression that controls which interfaces Felix should disable the Generic Receive Offload [GRO] option. It should not match the workload interfaces (usually named cali...).",
"type": "string"
},
"bpfDisableUnprivileged": {
"description": "BPFDisableUnprivileged, if enabled, Felix sets the kernel.unprivileged_bpf_disabled sysctl to disable unprivileged use of BPF. This ensures that unprivileged users cannot access Calico's BPF maps and cannot insert their own BPF programs to interfere with Calico's. [Default: true]",
"type": "boolean"
},
"bpfEnabled": {
"description": "BPFEnabled, if enabled Felix will use the BPF dataplane. [Default: false]",
"type": "boolean"
},
"bpfEnforceRPF": {
"description": "BPFEnforceRPF enforce strict RPF on all host interfaces with BPF programs regardless of what is the per-interfaces or global setting. Possible values are Disabled, Strict or Loose. [Default: Loose]",
"pattern": "^(?i)(Disabled|Strict|Loose)?$",
"type": "string"
},
"bpfExcludeCIDRsFromNAT": {
"description": "BPFExcludeCIDRsFromNAT is a list of CIDRs that are to be excluded from NAT resolution so that host can handle them. A typical usecase is node local DNS cache.",
"items": {
"type": "string"
},
"type": "array"
},
"bpfExtToServiceConnmark": {
"description": "BPFExtToServiceConnmark in BPF mode, control a 32bit mark that is set on connections from an external client to a local service. This mark allows us to control how packets of that connection are routed within the host and how is routing interpreted by RPF check. [Default: 0]",
"type": "integer"
},
"bpfExternalServiceMode": {
"description": "BPFExternalServiceMode in BPF mode, controls how connections from outside the cluster to services (node ports and cluster IPs) are forwarded to remote workloads. If set to \"Tunnel\" then both request and response traffic is tunneled to the remote node. If set to \"DSR\", the request traffic is tunneled but the response traffic is sent directly from the remote node. In \"DSR\" mode, the remote node appears to use the IP of the ingress node; this requires a permissive L2 network. [Default: Tunnel]",
"pattern": "^(?i)(Tunnel|DSR)?$",
"type": "string"
},
"bpfForceTrackPacketsFromIfaces": {
"description": "BPFForceTrackPacketsFromIfaces in BPF mode, forces traffic from these interfaces to skip Calico's iptables NOTRACK rule, allowing traffic from those interfaces to be tracked by Linux conntrack. Should only be used for interfaces that are not used for the Calico fabric. For example, a docker bridge device for non-Calico-networked containers. [Default: docker+]",
"items": {
"type": "string"
},
"type": "array"
},
"bpfHostConntrackBypass": {
"description": "BPFHostConntrackBypass Controls whether to bypass Linux conntrack in BPF mode for workloads and services. [Default: true - bypass Linux conntrack]",
"type": "boolean"
},
"bpfHostNetworkedNATWithoutCTLB": {
"description": "BPFHostNetworkedNATWithoutCTLB when in BPF mode, controls whether Felix does a NAT without CTLB. This along with BPFConnectTimeLoadBalancing determines the CTLB behavior. [Default: Enabled]",
"enum": [
"Enabled",
"Disabled"
],
"type": "string"
},
"bpfKubeProxyEndpointSlicesEnabled": {
"description": "BPFKubeProxyEndpointSlicesEnabled is deprecated and has no effect. BPF kube-proxy always accepts endpoint slices. This option will be removed in the next release.",
"type": "boolean"
},
"bpfKubeProxyIptablesCleanupEnabled": {
"description": "BPFKubeProxyIptablesCleanupEnabled, if enabled in BPF mode, Felix will proactively clean up the upstream Kubernetes kube-proxy's iptables chains. Should only be enabled if kube-proxy is not running. [Default: true]",
"type": "boolean"
},
"bpfKubeProxyMinSyncPeriod": {
"description": "BPFKubeProxyMinSyncPeriod, in BPF mode, controls the minimum time between updates to the dataplane for Felix's embedded kube-proxy. Lower values give reduced set-up latency. Higher values reduce Felix CPU usage by batching up more work. [Default: 1s]",
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"bpfL3IfacePattern": {
"description": "BPFL3IfacePattern is a regular expression that allows to list tunnel devices like wireguard or vxlan (i.e., L3 devices) in addition to BPFDataIfacePattern. That is, tunnel interfaces not created by Calico, that Calico workload traffic flows over as well as any interfaces that handle incoming traffic to nodeports and services from outside the cluster.",
"type": "string"
},
"bpfLogFilters": {
"additionalProperties": {
"type": "string"
},
"description": "BPFLogFilters is a map of key=values where the value is a pcap filter expression and the key is an interface name with 'all' denoting all interfaces, 'weps' all workload endpoints and 'heps' all host endpoints. \n When specified as an env var, it accepts a comma-separated list of key=values. [Default: unset - means all debug logs are emitted]",
"type": "object"
},
"bpfLogLevel": {
"description": "BPFLogLevel controls the log level of the BPF programs when in BPF dataplane mode. One of \"Off\", \"Info\", or \"Debug\". The logs are emitted to the BPF trace pipe, accessible with the command `tc exec bpf debug`. [Default: Off].",
"pattern": "^(?i)(Off|Info|Debug)?$",
"type": "string"
},
"bpfMapSizeConntrack": {
"description": "BPFMapSizeConntrack sets the size for the conntrack map. This map must be large enough to hold an entry for each active connection. Warning: changing the size of the conntrack map can cause disruption.",
"type": "integer"
},
"bpfMapSizeIPSets": {
"description": "BPFMapSizeIPSets sets the size for ipsets map. The IP sets map must be large enough to hold an entry for each endpoint matched by every selector in the source/destination matches in network policy. Selectors such as \"all()\" can result in large numbers of entries (one entry per endpoint in that case).",
"type": "integer"
},
"bpfMapSizeIfState": {
"description": "BPFMapSizeIfState sets the size for ifstate map. The ifstate map must be large enough to hold an entry for each device (host + workloads) on a host.",
"type": "integer"
},
"bpfMapSizeNATAffinity": {
"type": "integer"
},
"bpfMapSizeNATBackend": {
"description": "BPFMapSizeNATBackend sets the size for nat back end map. This is the total number of endpoints. This is mostly more than the size of the number of services.",
"type": "integer"
},
"bpfMapSizeNATFrontend": {
"description": "BPFMapSizeNATFrontend sets the size for nat front end map. FrontendMap should be large enough to hold an entry for each nodeport, external IP and each port in each service.",
"type": "integer"
},
"bpfMapSizeRoute": {
"description": "BPFMapSizeRoute sets the size for the routes map. The routes map should be large enough to hold one entry per workload and a handful of entries per host (enough to cover its own IPs and tunnel IPs).",
"type": "integer"
},
"bpfPSNATPorts": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"description": "BPFPSNATPorts sets the range from which we randomly pick a port if there is a source port collision. This should be within the ephemeral range as defined by RFC 6056 (1024\u201365535) and preferably outside the ephemeral ranges used by common operating systems. Linux uses 32768\u201360999, while others mostly use the IANA defined range 49152\u201365535. It is not necessarily a problem if this range overlaps with the operating systems. Both ends of the range are inclusive. [Default: 20000:29999]",
"pattern": "^.*",
"x-kubernetes-int-or-string": true
},
"bpfPolicyDebugEnabled": {
"description": "BPFPolicyDebugEnabled when true, Felix records detailed information about the BPF policy programs, which can be examined with the calico-bpf command-line tool.",
"type": "boolean"
},
"bpfRedirectToPeer": {
"description": "BPFRedirectToPeer controls which whether it is allowed to forward straight to the peer side of the workload devices. It is allowed for any host L2 devices by default (L2Only), but it breaks TCP dump on the host side of workload device as it bypasses it on ingress. Value of Enabled also allows redirection from L3 host devices like IPIP tunnel or Wireguard directly to the peer side of the workload's device. This makes redirection faster, however, it breaks tools like tcpdump on the peer side. Use Enabled with caution. [Default: L2Only]",
"type": "string"
},
"chainInsertMode": {
"description": "ChainInsertMode controls whether Felix hooks the kernel's top-level iptables chains by inserting a rule at the top of the chain or by appending a rule at the bottom. insert is the safe default since it prevents Calico's rules from being bypassed. If you switch to append mode, be sure that the other rules in the chains signal acceptance by falling through to the Calico rules, otherwise the Calico policy will be bypassed. [Default: insert]",
"pattern": "^(?i)(insert|append)?$",
"type": "string"
},
"dataplaneDriver": {
"description": "DataplaneDriver filename of the external dataplane driver to use. Only used if UseInternalDataplaneDriver is set to false.",
"type": "string"
},
"dataplaneWatchdogTimeout": {
"description": "DataplaneWatchdogTimeout is the readiness/liveness timeout used for Felix's (internal) dataplane driver. Increase this value if you experience spurious non-ready or non-live events when Felix is under heavy load. Decrease the value to get felix to report non-live or non-ready more quickly. [Default: 90s] \n Deprecated: replaced by the generic HealthTimeoutOverrides.",
"type": "string"
},
"debugDisableLogDropping": {
"type": "boolean"
},
"debugHost": {
"description": "DebugHost is the host IP or hostname to bind the debug port to. Only used if DebugPort is set. [Default:localhost]",
"type": "string"
},
"debugMemoryProfilePath": {
"type": "string"
},
"debugPort": {
"description": "DebugPort if set, enables Felix's debug HTTP port, which allows memory and CPU profiles to be retrieved. The debug port is not secure, it should not be exposed to the internet.",
"type": "integer"
},
"debugSimulateCalcGraphHangAfter": {
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"debugSimulateDataplaneApplyDelay": {
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"debugSimulateDataplaneHangAfter": {
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"defaultEndpointToHostAction": {
"description": "DefaultEndpointToHostAction controls what happens to traffic that goes from a workload endpoint to the host itself (after the traffic hits the endpoint egress policy). By default Calico blocks traffic from workload endpoints to the host itself with an iptables \"DROP\" action. If you want to allow some or all traffic from endpoint to host, set this parameter to RETURN or ACCEPT. Use RETURN if you have your own rules in the iptables \"INPUT\" chain; Calico will insert its rules at the top of that chain, then \"RETURN\" packets to the \"INPUT\" chain once it has completed processing workload endpoint egress policy. Use ACCEPT to unconditionally accept packets from workloads after processing workload endpoint egress policy. [Default: Drop]",
"pattern": "^(?i)(Drop|Accept|Return)?$",
"type": "string"
},
"deviceRouteProtocol": {
"description": "This defines the route protocol added to programmed device routes, by default this will be RTPROT_BOOT when left blank.",
"type": "integer"
},
"deviceRouteSourceAddress": {
"description": "This is the IPv4 source address to use on programmed device routes. By default the source address is left blank, leaving the kernel to choose the source address used.",
"type": "string"
},
"deviceRouteSourceAddressIPv6": {
"description": "This is the IPv6 source address to use on programmed device routes. By default the source address is left blank, leaving the kernel to choose the source address used.",
"type": "string"
},
"disableConntrackInvalidCheck": {
"type": "boolean"
},
"endpointReportingDelay": {
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"endpointReportingEnabled": {
"type": "boolean"
},
"endpointStatusPathPrefix": {
"description": "EndpointStatusPathPrefix is the path to the directory where endpoint status will be written. Endpoint status file reporting is disabled if field is left empty. \n Chosen directory should match the directory used by the CNI for PodStartupDelay. [Default: \"\"]",
"type": "string"
},
"externalNodesList": {
"description": "ExternalNodesCIDRList is a list of CIDR's of external-non-calico-nodes which may source tunnel traffic and have the tunneled traffic be accepted at calico nodes.",
"items": {
"type": "string"
},
"type": "array"
},
"failsafeInboundHostPorts": {
"description": "FailsafeInboundHostPorts is a list of PortProto struct objects including UDP/TCP/SCTP ports and CIDRs that Felix will allow incoming traffic to host endpoints on irrespective of the security policy. This is useful to avoid accidentally cutting off a host with incorrect configuration. For backwards compatibility, if the protocol is not specified, it defaults to \"tcp\". If a CIDR is not specified, it will allow traffic from all addresses. To disable all inbound host ports, use the value \"[]\". The default value allows ssh access, DHCP, BGP, etcd and the Kubernetes API. [Default: tcp:22, udp:68, tcp:179, tcp:2379, tcp:2380, tcp:5473, tcp:6443, tcp:6666, tcp:6667 ]",
"items": {
"description": "ProtoPort is combination of protocol, port, and CIDR. Protocol and port must be specified.",
"properties": {
"net": {
"type": "string"
},
"port": {
"type": "integer"
},
"protocol": {
"type": "string"
}
},
"required": [
"port",
"protocol"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"failsafeOutboundHostPorts": {
"description": "FailsafeOutboundHostPorts is a list of List of PortProto struct objects including UDP/TCP/SCTP ports and CIDRs that Felix will allow outgoing traffic from host endpoints to irrespective of the security policy. This is useful to avoid accidentally cutting off a host with incorrect configuration. For backwards compatibility, if the protocol is not specified, it defaults to \"tcp\". If a CIDR is not specified, it will allow traffic from all addresses. To disable all outbound host ports, use the value \"[]\". The default value opens etcd's standard ports to ensure that Felix does not get cut off from etcd as well as allowing DHCP, DNS, BGP and the Kubernetes API. [Default: udp:53, udp:67, tcp:179, tcp:2379, tcp:2380, tcp:5473, tcp:6443, tcp:6666, tcp:6667 ]",
"items": {
"description": "ProtoPort is combination of protocol, port, and CIDR. Protocol and port must be specified.",
"properties": {
"net": {
"type": "string"
},
"port": {
"type": "integer"
},
"protocol": {
"type": "string"
}
},
"required": [
"port",
"protocol"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"featureDetectOverride": {
"description": "FeatureDetectOverride is used to override feature detection based on auto-detected platform capabilities. Values are specified in a comma separated list with no spaces, example; \"SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=\". \"true\" or \"false\" will force the feature, empty or omitted values are auto-detected.",
"pattern": "^([a-zA-Z0-9-_]+=(true|false|),)*([a-zA-Z0-9-_]+=(true|false|))?$",
"type": "string"
},
"featureGates": {
"description": "FeatureGates is used to enable or disable tech-preview Calico features. Values are specified in a comma separated list with no spaces, example; \"BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false\". This is used to enable features that are not fully production ready.",
"pattern": "^([a-zA-Z0-9-_]+=([^=]+),)*([a-zA-Z0-9-_]+=([^=]+))?$",
"type": "string"
},
"floatingIPs": {
"description": "FloatingIPs configures whether or not Felix will program non-OpenStack floating IP addresses. (OpenStack-derived floating IPs are always programmed, regardless of this setting.)",
"enum": [
"Enabled",
"Disabled"
],
"type": "string"
},
"genericXDPEnabled": {
"description": "GenericXDPEnabled enables Generic XDP so network cards that don't support XDP offload or driver modes can use XDP. This is not recommended since it doesn't provide better performance than iptables. [Default: false]",
"type": "boolean"
},
"goGCThreshold": {
"description": "GoGCThreshold Sets the Go runtime's garbage collection threshold. I.e. the percentage that the heap is allowed to grow before garbage collection is triggered. In general, doubling the value halves the CPU time spent doing GC, but it also doubles peak GC memory overhead. A special value of -1 can be used to disable GC entirely; this should only be used in conjunction with the GoMemoryLimitMB setting. \n This setting is overridden by the GOGC environment variable. \n [Default: 40]",
"type": "integer"
},
"goMaxProcs": {
"description": "GoMaxProcs sets the maximum number of CPUs that the Go runtime will use concurrently. A value of -1 means \"use the system default\"; typically the number of real CPUs on the system. \n this setting is overridden by the GOMAXPROCS environment variable. \n [Default: -1]",
"type": "integer"
},
"goMemoryLimitMB": {
"description": "GoMemoryLimitMB sets a (soft) memory limit for the Go runtime in MB. The Go runtime will try to keep its memory usage under the limit by triggering GC as needed. To avoid thrashing, it will exceed the limit if GC starts to take more than 50% of the process's CPU time. A value of -1 disables the memory limit. \n Note that the memory limit, if used, must be considerably less than any hard resource limit set at the container or pod level. This is because felix is not the only process that must run in the container or pod. \n This setting is overridden by the GOMEMLIMIT environment variable. \n [Default: -1]",
"type": "integer"
},
"healthEnabled": {
"type": "boolean"
},
"healthHost": {
"type": "string"
},
"healthPort": {
"type": "integer"
},
"healthTimeoutOverrides": {
"description": "HealthTimeoutOverrides allows the internal watchdog timeouts of individual subcomponents to be overridden. This is useful for working around \"false positive\" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs.",
"items": {
"properties": {
"name": {
"type": "string"
},
"timeout": {
"type": "string"
}
},
"required": [
"name",
"timeout"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"interfaceExclude": {
"description": "InterfaceExclude is a comma-separated list of interfaces that Felix should exclude when monitoring for host endpoints. The default value ensures that Felix ignores Kubernetes' IPVS dummy interface, which is used internally by kube-proxy. If you want to exclude multiple interface names using a single value, the list supports regular expressions. For regular expressions you must wrap the value with '/'. For example having values '/^kube/,veth1' will exclude all interfaces that begin with 'kube' and also the interface 'veth1'. [Default: kube-ipvs0]",
"type": "string"
},
"interfacePrefix": {
"description": "InterfacePrefix is the interface name prefix that identifies workload endpoints and so distinguishes them from host endpoint interfaces. Note: in environments other than bare metal, the orchestrators configure this appropriately. For example our Kubernetes and Docker integrations set the 'cali' value, and our OpenStack integration sets the 'tap' value. [Default: cali]",
"type": "string"
},
"interfaceRefreshInterval": {
"description": "InterfaceRefreshInterval is the period at which Felix rescans local interfaces to verify their state. The rescan can be disabled by setting the interval to 0.",
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"ipForwarding": {
"description": "IPForwarding controls whether Felix sets the host sysctls to enable IP forwarding. IP forwarding is required when using Calico for workload networking. This should only be disabled on hosts where Calico is used for host protection. [Default: Enabled]",
"enum": [
"Enabled",
"Disabled"
],
"type": "string"
},
"ipipEnabled": {
"description": "IPIPEnabled overrides whether Felix should configure an IPIP interface on the host. Optional as Felix determines this based on the existing IP pools. [Default: nil (unset)]",
"type": "boolean"
},
"ipipMTU": {
"description": "IPIPMTU is the MTU to set on the tunnel device. See Configuring MTU [Default: 1440]",
"type": "integer"
},
"ipsetsRefreshInterval": {
"description": "IpsetsRefreshInterval is the period at which Felix re-checks all iptables state to ensure that no other process has accidentally broken Calico's rules. Set to 0 to disable iptables refresh. [Default: 90s]",
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"iptablesBackend": {
"description": "IptablesBackend specifies which backend of iptables will be used. The default is Auto.",
"pattern": "^(?i)(Auto|FelixConfiguration|FelixConfigurationList|Legacy|NFT)?$",
"type": "string"
},
"iptablesFilterAllowAction": {
"pattern": "^(?i)(Accept|Return)?$",
"type": "string"
},
"iptablesFilterDenyAction": {
"description": "IptablesFilterDenyAction controls what happens to traffic that is denied by network policy. By default Calico blocks traffic with an iptables \"DROP\" action. If you want to use \"REJECT\" action instead you can configure it in here.",
"pattern": "^(?i)(Drop|Reject)?$",
"type": "string"
},
"iptablesLockFilePath": {
"description": "IptablesLockFilePath is the location of the iptables lock file. You may need to change this if the lock file is not in its standard location (for example if you have mapped it into Felix's container at a different path). [Default: /run/xtables.lock]",
"type": "string"
},
"iptablesLockProbeInterval": {
"description": "IptablesLockProbeInterval is the time that Felix will wait between attempts to acquire the iptables lock if it is not available. Lower values make Felix more responsive when the lock is contended, but use more CPU. [Default: 50ms]",
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"iptablesLockTimeout": {
"description": "IptablesLockTimeout is the time that Felix will wait for the iptables lock, or 0, to disable. To use this feature, Felix must share the iptables lock file with all other processes that also take the lock. When running Felix inside a container, this requires the /run directory of the host to be mounted into the calico/node or calico/felix container. [Default: 0s disabled]",
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"iptablesMangleAllowAction": {
"pattern": "^(?i)(Accept|Return)?$",
"type": "string"
},
"iptablesMarkMask": {
"description": "IptablesMarkMask is the mask that Felix selects its IPTables Mark bits from. Should be a 32 bit hexadecimal number with at least 8 bits set, none of which clash with any other mark bits in use on the system. [Default: 0xff000000]",
"format": "int32",
"type": "integer"
},
"iptablesNATOutgoingInterfaceFilter": {
"type": "string"
},
"iptablesPostWriteCheckInterval": {
"description": "IptablesPostWriteCheckInterval is the period after Felix has done a write to the dataplane that it schedules an extra read back in order to check the write was not clobbered by another process. This should only occur if another application on the system doesn't respect the iptables lock. [Default: 1s]",
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"iptablesRefreshInterval": {
"description": "IptablesRefreshInterval is the period at which Felix re-checks the IP sets in the dataplane to ensure that no other process has accidentally broken Calico's rules. Set to 0 to disable IP sets refresh. Note: the default for this value is lower than the other refresh intervals as a workaround for a Linux kernel bug that was fixed in kernel version 4.11. If you are using v4.11 or greater you may want to set this to, a higher value to reduce Felix CPU usage. [Default: 10s]",
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"ipv6Support": {
"description": "IPv6Support controls whether Felix enables support for IPv6 (if supported by the in-use dataplane).",
"type": "boolean"
},
"kubeNodePortRanges": {
"description": "KubeNodePortRanges holds list of port ranges used for service node ports. Only used if felix detects kube-proxy running in ipvs mode. Felix uses these ranges to separate host and workload traffic. [Default: 30000:32767].",
"items": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^.*",
"x-kubernetes-int-or-string": true
},
"type": "array"
},
"logDebugFilenameRegex": {
"description": "LogDebugFilenameRegex controls which source code files have their Debug log output included in the logs. Only logs from files with names that match the given regular expression are included. The filter only applies to Debug level logs.",
"type": "string"
},
"logFilePath": {
"description": "LogFilePath is the full path to the Felix log. Set to none to disable file logging. [Default: /var/log/calico/felix.log]",
"type": "string"
},
"logPrefix": {
"description": "LogPrefix is the log prefix that Felix uses when rendering LOG rules. [Default: calico-packet]",
"type": "string"
},
"logSeverityFile": {
"description": "LogSeverityFile is the log severity above which logs are sent to the log file. [Default: Info]",
"pattern": "^(?i)(Debug|Info|Warning|Error|Fatal)?$",
"type": "string"
},
"logSeverityScreen": {
"description": "LogSeverityScreen is the log severity above which logs are sent to the stdout. [Default: Info]",
"pattern": "^(?i)(Debug|Info|Warning|Error|Fatal)?$",
"type": "string"
},
"logSeveritySys": {
"description": "LogSeveritySys is the log severity above which logs are sent to the syslog. Set to None for no logging to syslog. [Default: Info]",
"pattern": "^(?i)(Debug|Info|Warning|Error|Fatal)?$",
"type": "string"
},
"maxIpsetSize": {
"description": "MaxIpsetSize is the maximum number of IP addresses that can be stored in an IP set. Not applicable if using the nftables backend.",
"type": "integer"
},
"metadataAddr": {
"description": "MetadataAddr is the IP address or domain name of the server that can answer VM queries for cloud-init metadata. In OpenStack, this corresponds to the machine running nova-api (or in Ubuntu, nova-api-metadata). A value of none (case-insensitive) means that Felix should not set up any NAT rule for the metadata path. [Default: 127.0.0.1]",
"type": "string"
},
"metadataPort": {
"description": "MetadataPort is the port of the metadata server. This, combined with global.MetadataAddr (if not 'None'), is used to set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. In most cases this should not need to be changed [Default: 8775].",
"type": "integer"
},
"mtuIfacePattern": {
"description": "MTUIfacePattern is a regular expression that controls which interfaces Felix should scan in order to calculate the host's MTU. This should not match workload interfaces (usually named cali...).",
"type": "string"
},
"natOutgoingAddress": {
"description": "NATOutgoingAddress specifies an address to use when performing source NAT for traffic in a natOutgoing pool that is leaving the network. By default the address used is an address on the interface the traffic is leaving on (ie it uses the iptables MASQUERADE target)",
"type": "string"
},
"natPortRange": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"description": "NATPortRange specifies the range of ports that is used for port mapping when doing outgoing NAT. When unset the default behavior of the network stack is used.",
"pattern": "^.*",
"x-kubernetes-int-or-string": true
},
"netlinkTimeout": {
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"nftablesFilterAllowAction": {
"pattern": "^(?i)(Accept|Return)?$",
"type": "string"
},
"nftablesFilterDenyAction": {
"description": "FilterDenyAction controls what happens to traffic that is denied by network policy. By default Calico blocks traffic with a \"drop\" action. If you want to use a \"reject\" action instead you can configure it here.",
"pattern": "^(?i)(Drop|Reject)?$",
"type": "string"
},
"nftablesMangleAllowAction": {
"pattern": "^(?i)(Accept|Return)?$",
"type": "string"
},
"nftablesMarkMask": {
"description": "MarkMask is the mask that Felix selects its nftables Mark bits from. Should be a 32 bit hexadecimal number with at least 8 bits set, none of which clash with any other mark bits in use on the system. [Default: 0xffff0000]",
"format": "int32",
"type": "integer"
},
"nftablesMode": {
"description": "NFTablesMode configures nftables support in Felix. [Default: Disabled]",
"type": "string"
},
"nftablesRefreshInterval": {
"description": "NftablesRefreshInterval controls the interval at which Felix periodically refreshes the nftables rules. [Default: 90s]",
"type": "string"
},
"openstackRegion": {
"description": "OpenstackRegion is the name of the region that a particular Felix belongs to. In a multi-region Calico/OpenStack deployment, this must be configured somehow for each Felix (here in the datamodel, or in felix.cfg or the environment on each compute node), and must match the [calico] openstack_region value configured in neutron.conf on each node. [Default: Empty]",
"type": "string"
},
"policySyncPathPrefix": {
"description": "PolicySyncPathPrefix is used to by Felix to communicate policy changes to external services, like Application layer policy. [Default: Empty]",
"type": "string"
},
"prometheusGoMetricsEnabled": {
"description": "PrometheusGoMetricsEnabled disables Go runtime metrics collection, which the Prometheus client does by default, when set to false. This reduces the number of metrics reported, reducing Prometheus load. [Default: true]",
"type": "boolean"
},
"prometheusMetricsEnabled": {
"description": "PrometheusMetricsEnabled enables the Prometheus metrics server in Felix if set to true. [Default: false]",
"type": "boolean"
},
"prometheusMetricsHost": {
"description": "PrometheusMetricsHost is the host that the Prometheus metrics server should bind to. [Default: empty]",
"type": "string"
},
"prometheusMetricsPort": {
"description": "PrometheusMetricsPort is the TCP port that the Prometheus metrics server should bind to. [Default: 9091]",
"type": "integer"
},
"prometheusProcessMetricsEnabled": {
"description": "PrometheusProcessMetricsEnabled disables process metrics collection, which the Prometheus client does by default, when set to false. This reduces the number of metrics reported, reducing Prometheus load. [Default: true]",
"type": "boolean"
},
"prometheusWireGuardMetricsEnabled": {
"description": "PrometheusWireGuardMetricsEnabled disables wireguard metrics collection, which the Prometheus client does by default, when set to false. This reduces the number of metrics reported, reducing Prometheus load. [Default: true]",
"type": "boolean"
},
"removeExternalRoutes": {
"description": "Whether or not to remove device routes that have not been programmed by Felix. Disabling this will allow external applications to also add device routes. This is enabled by default which means we will remove externally added routes.",
"type": "boolean"
},
"reportingInterval": {
"description": "ReportingInterval is the interval at which Felix reports its status into the datastore or 0 to disable. Must be non-zero in OpenStack deployments. [Default: 30s]",
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"reportingTTL": {
"description": "ReportingTTL is the time-to-live setting for process-wide status reports. [Default: 90s]",
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"routeRefreshInterval": {
"description": "RouteRefreshInterval is the period at which Felix re-checks the routes in the dataplane to ensure that no other process has accidentally broken Calico's rules. Set to 0 to disable route refresh. [Default: 90s]",
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"routeSource": {
"description": "RouteSource configures where Felix gets its routing information. - WorkloadIPs: use workload endpoints to construct routes. - CalicoIPAM: the default - use IPAM data to construct routes.",
"pattern": "^(?i)(WorkloadIPs|CalicoIPAM)?$",
"type": "string"
},
"routeSyncDisabled": {
"description": "RouteSyncDisabled will disable all operations performed on the route table. Set to true to run in network-policy mode only.",
"type": "boolean"
},
"routeTableRange": {
"description": "Deprecated in favor of RouteTableRanges. Calico programs additional Linux route tables for various purposes. RouteTableRange specifies the indices of the route tables that Calico should use.",
"properties": {
"max": {
"type": "integer"
},
"min": {
"type": "integer"
}
},
"required": [
"max",
"min"
],
"type": "object",
"additionalProperties": false
},
"routeTableRanges": {
"description": "Calico programs additional Linux route tables for various purposes. RouteTableRanges specifies a set of table index ranges that Calico should use. Deprecates`RouteTableRange`, overrides `RouteTableRange`.",
"items": {
"properties": {
"max": {
"type": "integer"
},
"min": {
"type": "integer"
}
},
"required": [
"max",
"min"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"serviceLoopPrevention": {
"description": "When service IP advertisement is enabled, prevent routing loops to service IPs that are not in use, by dropping or rejecting packets that do not get DNAT'd by kube-proxy. Unless set to \"Disabled\", in which case such routing loops continue to be allowed. [Default: Drop]",
"pattern": "^(?i)(Drop|Reject|Disabled)?$",
"type": "string"
},
"sidecarAccelerationEnabled": {
"description": "SidecarAccelerationEnabled enables experimental sidecar acceleration [Default: false]",
"type": "boolean"
},
"usageReportingEnabled": {
"description": "UsageReportingEnabled reports anonymous Calico version number and cluster size to projectcalico.org. Logs warnings returned by the usage server. For example, if a significant security vulnerability has been discovered in the version of Calico being used. [Default: true]",
"type": "boolean"
},
"usageReportingInitialDelay": {
"description": "UsageReportingInitialDelay controls the minimum delay before Felix makes a report. [Default: 300s]",
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"usageReportingInterval": {
"description": "UsageReportingInterval controls the interval at which Felix makes reports. [Default: 86400s]",
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"useInternalDataplaneDriver": {
"description": "UseInternalDataplaneDriver, if true, Felix will use its internal dataplane programming logic. If false, it will launch an external dataplane driver and communicate with it over protobuf.",
"type": "boolean"
},
"vxlanEnabled": {
"description": "VXLANEnabled overrides whether Felix should create the VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix determines this based on the existing IP pools. [Default: nil (unset)]",
"type": "boolean"
},
"vxlanMTU": {
"description": "VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel device. See Configuring MTU [Default: 1410]",
"type": "integer"
},
"vxlanMTUV6": {
"description": "VXLANMTUV6 is the MTU to set on the IPv6 VXLAN tunnel device. See Configuring MTU [Default: 1390]",
"type": "integer"
},
"vxlanPort": {
"type": "integer"
},
"vxlanVNI": {
"type": "integer"
},
"windowsManageFirewallRules": {
"description": "WindowsManageFirewallRules configures whether or not Felix will program Windows Firewall rules. (to allow inbound access to its own metrics ports) [Default: Disabled]",
"enum": [
"Enabled",
"Disabled"
],
"type": "string"
},
"wireguardEnabled": {
"description": "WireguardEnabled controls whether Wireguard is enabled for IPv4 (encapsulating IPv4 traffic over an IPv4 underlay network). [Default: false]",
"type": "boolean"
},
"wireguardEnabledV6": {
"description": "WireguardEnabledV6 controls whether Wireguard is enabled for IPv6 (encapsulating IPv6 traffic over an IPv6 underlay network). [Default: false]",
"type": "boolean"
},
"wireguardHostEncryptionEnabled": {
"description": "WireguardHostEncryptionEnabled controls whether Wireguard host-to-host encryption is enabled. [Default: false]",
"type": "boolean"
},
"wireguardInterfaceName": {
"description": "WireguardInterfaceName specifies the name to use for the IPv4 Wireguard interface. [Default: wireguard.cali]",
"type": "string"
},
"wireguardInterfaceNameV6": {
"description": "WireguardInterfaceNameV6 specifies the name to use for the IPv6 Wireguard interface. [Default: wg-v6.cali]",
"type": "string"
},
"wireguardKeepAlive": {
"description": "WireguardKeepAlive controls Wireguard PersistentKeepalive option. Set 0 to disable. [Default: 0]",
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
},
"wireguardListeningPort": {
"description": "WireguardListeningPort controls the listening port used by IPv4 Wireguard. [Default: 51820]",
"type": "integer"
},
"wireguardListeningPortV6": {
"description": "WireguardListeningPortV6 controls the listening port used by IPv6 Wireguard. [Default: 51821]",
"type": "integer"
},
"wireguardMTU": {
"description": "WireguardMTU controls the MTU on the IPv4 Wireguard interface. See Configuring MTU [Default: 1440]",
"type": "integer"
},
"wireguardMTUV6": {
"description": "WireguardMTUV6 controls the MTU on the IPv6 Wireguard interface. See Configuring MTU [Default: 1420]",
"type": "integer"
},
"wireguardRoutingRulePriority": {
"description": "WireguardRoutingRulePriority controls the priority value to use for the Wireguard routing rule. [Default: 99]",
"type": "integer"
},
"wireguardThreadingEnabled": {
"description": "WireguardThreadingEnabled controls whether Wireguard has NAPI threading enabled. [Default: false]",
"type": "boolean"
},
"workloadSourceSpoofing": {
"description": "WorkloadSourceSpoofing controls whether pods can use the allowedSourcePrefixes annotation to send traffic with a source IP address that is not theirs. This is disabled by default. When set to \"Any\", pods can request any prefix.",
"pattern": "^(?i)(Disabled|Any)?$",
"type": "string"
},
"xdpEnabled": {
"description": "XDPEnabled enables XDP acceleration for suitable untracked incoming deny rules. [Default: true]",
"type": "boolean"
},
"xdpRefreshInterval": {
"description": "XDPRefreshInterval is the period at which Felix re-checks all XDP state to ensure that no other process has accidentally broken Calico's BPF maps or attached programs. Set to 0 to disable XDP refresh. [Default: 90s]",
"pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

705
projectcalico.org/globalnetworkpolicy_v3.json Normal file
View File

@ -0,0 +1,705 @@
{
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"properties": {
"applyOnForward": {
"description": "ApplyOnForward indicates to apply the rules in this policy on forward traffic.",
"type": "boolean"
},
"doNotTrack": {
"description": "DoNotTrack indicates whether packets matched by the rules in this policy should go through the data plane's connection tracking, such as Linux conntrack. If True, the rules in this policy are applied before any data plane connection tracking, and packets allowed by this policy are marked as not to be tracked.",
"type": "boolean"
},
"egress": {
"description": "The ordered set of egress rules. Each rule contains a set of packet match criteria and a corresponding action to apply.",
"items": {
"description": "A Rule encapsulates a set of match criteria and an action. Both selector-based security Policy and security Profiles reference rules - separated out as a list of rules for both ingress and egress packet matching. \n Each positive match criteria has a negated version, prefixed with \"Not\". All the match criteria within a rule must be satisfied for a packet to match. A single rule can contain the positive and negative version of a match and both must be satisfied for the rule to match.",
"properties": {
"action": {
"type": "string"
},
"destination": {
"description": "Destination contains the match criteria that apply to destination entity.",
"properties": {
"namespaceSelector": {
"description": "NamespaceSelector is an optional field that contains a selector expression. Only traffic that originates from (or terminates at) endpoints within the selected namespaces will be matched. When both NamespaceSelector and another selector are defined on the same rule, then only workload endpoints that are matched by both selectors will be selected by the rule. \n For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting only workload endpoints in the same namespace as the NetworkPolicy. \n For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting only GlobalNetworkSet or HostEndpoint. \n For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload endpoints across all namespaces.",
"type": "string"
},
"nets": {
"description": "Nets is an optional field that restricts the rule to only apply to traffic that originates from (or terminates at) IP addresses in any of the given subnets.",
"items": {
"type": "string"
},
"type": "array"
},
"notNets": {
"description": "NotNets is the negated version of the Nets field.",
"items": {
"type": "string"
},
"type": "array"
},
"notPorts": {
"description": "NotPorts is the negated version of the Ports field. Since only some protocols have ports, if any ports are specified it requires the Protocol match in the Rule to be set to \"TCP\" or \"UDP\".",
"items": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^.*",
"x-kubernetes-int-or-string": true
},
"type": "array"
},
"notSelector": {
"description": "NotSelector is the negated version of the Selector field. See Selector field for subtleties with negated selectors.",
"type": "string"
},
"ports": {
"description": "Ports is an optional field that restricts the rule to only apply to traffic that has a source (destination) port that matches one of these ranges/values. This value is a list of integers or strings that represent ranges of ports. \n Since only some protocols have ports, if any ports are specified it requires the Protocol match in the Rule to be set to \"TCP\" or \"UDP\".",
"items": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^.*",
"x-kubernetes-int-or-string": true
},
"type": "array"
},
"selector": {
"description": "Selector is an optional field that contains a selector expression (see Policy for sample syntax). Only traffic that originates from (terminates at) endpoints matching the selector will be matched. \n Note that: in addition to the negated version of the Selector (see NotSelector below), the selector expression syntax itself supports negation. The two types of negation are subtly different. One negates the set of matched endpoints, the other negates the whole match: \n \tSelector = \"!has(my_label)\" matches packets that are from other Calico-controlled \tendpoints that do not have the label \"my_label\". \n \tNotSelector = \"has(my_label)\" matches packets that are not from Calico-controlled \tendpoints that do have the label \"my_label\". \n The effect is that the latter will accept packets from non-Calico sources whereas the former is limited to packets from Calico-controlled endpoints.",
"type": "string"
},
"serviceAccounts": {
"description": "ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or terminates at) a pod running as a matching service account.",
"properties": {
"names": {
"description": "Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates at) a pod running as a service account whose name is in the list.",
"items": {
"type": "string"
},
"type": "array"
},
"selector": {
"description": "Selector is an optional field that restricts the rule to only apply to traffic that originates from (or terminates at) a pod running as a service account that matches the given label selector. If both Names and Selector are specified then they are AND'ed.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"services": {
"description": "Services is an optional field that contains options for matching Kubernetes Services. If specified, only traffic that originates from or terminates at endpoints within the selected service(s) will be matched, and only to/from each endpoint's port. \n Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets, NotNets or ServiceAccounts. \n Ports and NotPorts can only be specified with Services on ingress rules.",
"properties": {
"name": {
"description": "Name specifies the name of a Kubernetes Service to match.",
"type": "string"
},
"namespace": {
"description": "Namespace specifies the namespace of the given Service. If left empty, the rule will match within this policy's namespace.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"http": {
"description": "HTTP contains match criteria that apply to HTTP requests.",
"properties": {
"methods": {
"description": "Methods is an optional field that restricts the rule to apply only to HTTP requests that use one of the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple methods are OR'd together.",
"items": {
"type": "string"
},
"type": "array"
},
"paths": {
"description": "Paths is an optional field that restricts the rule to apply to HTTP requests that use one of the listed HTTP Paths. Multiple paths are OR'd together. e.g: - exact: /foo - prefix: /bar NOTE: Each entry may ONLY specify either a `exact` or a `prefix` match. The validator will check for it.",
"items": {
"description": "HTTPPath specifies an HTTP path to match. It may be either of the form: exact: <path>: which matches the path exactly or prefix: <path-prefix>: which matches the path prefix",
"properties": {
"exact": {
"type": "string"
},
"prefix": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"icmp": {
"description": "ICMP is an optional field that restricts the rule to apply to a specific type and code of ICMP traffic. This should only be specified if the Protocol field is set to \"ICMP\" or \"ICMPv6\".",
"properties": {
"code": {
"description": "Match on a specific ICMP code. If specified, the Type value must also be specified. This is a technical limitation imposed by the kernel's iptables firewall, which Calico uses to enforce the rule.",
"type": "integer"
},
"type": {
"description": "Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request (i.e. pings).",
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
},
"ipVersion": {
"description": "IPVersion is an optional field that restricts the rule to only match a specific IP version.",
"type": "integer"
},
"metadata": {
"description": "Metadata contains additional information for this rule",
"properties": {
"annotations": {
"additionalProperties": {
"type": "string"
},
"description": "Annotations is a set of key value pairs that give extra information about the rule",
"type": "object"
}
},
"type": "object",
"additionalProperties": false
},
"notICMP": {
"description": "NotICMP is the negated version of the ICMP field.",
"properties": {
"code": {
"description": "Match on a specific ICMP code. If specified, the Type value must also be specified. This is a technical limitation imposed by the kernel's iptables firewall, which Calico uses to enforce the rule.",
"type": "integer"
},
"type": {
"description": "Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request (i.e. pings).",
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
},
"notProtocol": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"description": "NotProtocol is the negated version of the Protocol field.",
"pattern": "^.*",
"x-kubernetes-int-or-string": true
},
"protocol": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"description": "Protocol is an optional field that restricts the rule to only apply to traffic of a specific IP protocol. Required if any of the EntityRules contain Ports (because ports only apply to certain protocols). \n Must be one of these string values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", \"UDPLite\" or an integer in the range 1-255.",
"pattern": "^.*",
"x-kubernetes-int-or-string": true
},
"source": {
"description": "Source contains the match criteria that apply to source entity.",
"properties": {
"namespaceSelector": {
"description": "NamespaceSelector is an optional field that contains a selector expression. Only traffic that originates from (or terminates at) endpoints within the selected namespaces will be matched. When both NamespaceSelector and another selector are defined on the same rule, then only workload endpoints that are matched by both selectors will be selected by the rule. \n For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting only workload endpoints in the same namespace as the NetworkPolicy. \n For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting only GlobalNetworkSet or HostEndpoint. \n For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload endpoints across all namespaces.",
"type": "string"
},
"nets": {
"description": "Nets is an optional field that restricts the rule to only apply to traffic that originates from (or terminates at) IP addresses in any of the given subnets.",
"items": {
"type": "string"
},
"type": "array"
},
"notNets": {
"description": "NotNets is the negated version of the Nets field.",
"items": {
"type": "string"
},
"type": "array"
},
"notPorts": {
"description": "NotPorts is the negated version of the Ports field. Since only some protocols have ports, if any ports are specified it requires the Protocol match in the Rule to be set to \"TCP\" or \"UDP\".",
"items": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^.*",
"x-kubernetes-int-or-string": true
},
"type": "array"
},
"notSelector": {
"description": "NotSelector is the negated version of the Selector field. See Selector field for subtleties with negated selectors.",
"type": "string"
},
"ports": {
"description": "Ports is an optional field that restricts the rule to only apply to traffic that has a source (destination) port that matches one of these ranges/values. This value is a list of integers or strings that represent ranges of ports. \n Since only some protocols have ports, if any ports are specified it requires the Protocol match in the Rule to be set to \"TCP\" or \"UDP\".",
"items": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^.*",
"x-kubernetes-int-or-string": true
},
"type": "array"
},
"selector": {
"description": "Selector is an optional field that contains a selector expression (see Policy for sample syntax). Only traffic that originates from (terminates at) endpoints matching the selector will be matched. \n Note that: in addition to the negated version of the Selector (see NotSelector below), the selector expression syntax itself supports negation. The two types of negation are subtly different. One negates the set of matched endpoints, the other negates the whole match: \n \tSelector = \"!has(my_label)\" matches packets that are from other Calico-controlled \tendpoints that do not have the label \"my_label\". \n \tNotSelector = \"has(my_label)\" matches packets that are not from Calico-controlled \tendpoints that do have the label \"my_label\". \n The effect is that the latter will accept packets from non-Calico sources whereas the former is limited to packets from Calico-controlled endpoints.",
"type": "string"
},
"serviceAccounts": {
"description": "ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or terminates at) a pod running as a matching service account.",
"properties": {
"names": {
"description": "Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates at) a pod running as a service account whose name is in the list.",
"items": {
"type": "string"
},
"type": "array"
},
"selector": {
"description": "Selector is an optional field that restricts the rule to only apply to traffic that originates from (or terminates at) a pod running as a service account that matches the given label selector. If both Names and Selector are specified then they are AND'ed.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"services": {
"description": "Services is an optional field that contains options for matching Kubernetes Services. If specified, only traffic that originates from or terminates at endpoints within the selected service(s) will be matched, and only to/from each endpoint's port. \n Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets, NotNets or ServiceAccounts. \n Ports and NotPorts can only be specified with Services on ingress rules.",
"properties": {
"name": {
"description": "Name specifies the name of a Kubernetes Service to match.",
"type": "string"
},
"namespace": {
"description": "Namespace specifies the namespace of the given Service. If left empty, the rule will match within this policy's namespace.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"action"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"ingress": {
"description": "The ordered set of ingress rules. Each rule contains a set of packet match criteria and a corresponding action to apply.",
"items": {
"description": "A Rule encapsulates a set of match criteria and an action. Both selector-based security Policy and security Profiles reference rules - separated out as a list of rules for both ingress and egress packet matching. \n Each positive match criteria has a negated version, prefixed with \"Not\". All the match criteria within a rule must be satisfied for a packet to match. A single rule can contain the positive and negative version of a match and both must be satisfied for the rule to match.",
"properties": {
"action": {
"type": "string"
},
"destination": {
"description": "Destination contains the match criteria that apply to destination entity.",
"properties": {
"namespaceSelector": {
"description": "NamespaceSelector is an optional field that contains a selector expression. Only traffic that originates from (or terminates at) endpoints within the selected namespaces will be matched. When both NamespaceSelector and another selector are defined on the same rule, then only workload endpoints that are matched by both selectors will be selected by the rule. \n For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting only workload endpoints in the same namespace as the NetworkPolicy. \n For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting only GlobalNetworkSet or HostEndpoint. \n For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload endpoints across all namespaces.",
"type": "string"
},
"nets": {
"description": "Nets is an optional field that restricts the rule to only apply to traffic that originates from (or terminates at) IP addresses in any of the given subnets.",
"items": {
"type": "string"
},
"type": "array"
},
"notNets": {
"description": "NotNets is the negated version of the Nets field.",
"items": {
"type": "string"
},
"type": "array"
},
"notPorts": {
"description": "NotPorts is the negated version of the Ports field. Since only some protocols have ports, if any ports are specified it requires the Protocol match in the Rule to be set to \"TCP\" or \"UDP\".",
"items": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^.*",
"x-kubernetes-int-or-string": true
},
"type": "array"
},
"notSelector": {
"description": "NotSelector is the negated version of the Selector field. See Selector field for subtleties with negated selectors.",
"type": "string"
},
"ports": {
"description": "Ports is an optional field that restricts the rule to only apply to traffic that has a source (destination) port that matches one of these ranges/values. This value is a list of integers or strings that represent ranges of ports. \n Since only some protocols have ports, if any ports are specified it requires the Protocol match in the Rule to be set to \"TCP\" or \"UDP\".",
"items": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^.*",
"x-kubernetes-int-or-string": true
},
"type": "array"
},
"selector": {
"description": "Selector is an optional field that contains a selector expression (see Policy for sample syntax). Only traffic that originates from (terminates at) endpoints matching the selector will be matched. \n Note that: in addition to the negated version of the Selector (see NotSelector below), the selector expression syntax itself supports negation. The two types of negation are subtly different. One negates the set of matched endpoints, the other negates the whole match: \n \tSelector = \"!has(my_label)\" matches packets that are from other Calico-controlled \tendpoints that do not have the label \"my_label\". \n \tNotSelector = \"has(my_label)\" matches packets that are not from Calico-controlled \tendpoints that do have the label \"my_label\". \n The effect is that the latter will accept packets from non-Calico sources whereas the former is limited to packets from Calico-controlled endpoints.",
"type": "string"
},
"serviceAccounts": {
"description": "ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or terminates at) a pod running as a matching service account.",
"properties": {
"names": {
"description": "Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates at) a pod running as a service account whose name is in the list.",
"items": {
"type": "string"
},
"type": "array"
},
"selector": {
"description": "Selector is an optional field that restricts the rule to only apply to traffic that originates from (or terminates at) a pod running as a service account that matches the given label selector. If both Names and Selector are specified then they are AND'ed.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"services": {
"description": "Services is an optional field that contains options for matching Kubernetes Services. If specified, only traffic that originates from or terminates at endpoints within the selected service(s) will be matched, and only to/from each endpoint's port. \n Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets, NotNets or ServiceAccounts. \n Ports and NotPorts can only be specified with Services on ingress rules.",
"properties": {
"name": {
"description": "Name specifies the name of a Kubernetes Service to match.",
"type": "string"
},
"namespace": {
"description": "Namespace specifies the namespace of the given Service. If left empty, the rule will match within this policy's namespace.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"http": {
"description": "HTTP contains match criteria that apply to HTTP requests.",
"properties": {
"methods": {
"description": "Methods is an optional field that restricts the rule to apply only to HTTP requests that use one of the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple methods are OR'd together.",
"items": {
"type": "string"
},
"type": "array"
},
"paths": {
"description": "Paths is an optional field that restricts the rule to apply to HTTP requests that use one of the listed HTTP Paths. Multiple paths are OR'd together. e.g: - exact: /foo - prefix: /bar NOTE: Each entry may ONLY specify either a `exact` or a `prefix` match. The validator will check for it.",
"items": {
"description": "HTTPPath specifies an HTTP path to match. It may be either of the form: exact: <path>: which matches the path exactly or prefix: <path-prefix>: which matches the path prefix",
"properties": {
"exact": {
"type": "string"
},
"prefix": {
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"icmp": {
"description": "ICMP is an optional field that restricts the rule to apply to a specific type and code of ICMP traffic. This should only be specified if the Protocol field is set to \"ICMP\" or \"ICMPv6\".",
"properties": {
"code": {
"description": "Match on a specific ICMP code. If specified, the Type value must also be specified. This is a technical limitation imposed by the kernel's iptables firewall, which Calico uses to enforce the rule.",
"type": "integer"
},
"type": {
"description": "Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request (i.e. pings).",
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
},
"ipVersion": {
"description": "IPVersion is an optional field that restricts the rule to only match a specific IP version.",
"type": "integer"
},
"metadata": {
"description": "Metadata contains additional information for this rule",
"properties": {
"annotations": {
"additionalProperties": {
"type": "string"
},
"description": "Annotations is a set of key value pairs that give extra information about the rule",
"type": "object"
}
},
"type": "object",
"additionalProperties": false
},
"notICMP": {
"description": "NotICMP is the negated version of the ICMP field.",
"properties": {
"code": {
"description": "Match on a specific ICMP code. If specified, the Type value must also be specified. This is a technical limitation imposed by the kernel's iptables firewall, which Calico uses to enforce the rule.",
"type": "integer"
},
"type": {
"description": "Match on a specific ICMP type. For example a value of 8 refers to ICMP Echo Request (i.e. pings).",
"type": "integer"
}
},
"type": "object",
"additionalProperties": false
},
"notProtocol": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"description": "NotProtocol is the negated version of the Protocol field.",
"pattern": "^.*",
"x-kubernetes-int-or-string": true
},
"protocol": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"description": "Protocol is an optional field that restricts the rule to only apply to traffic of a specific IP protocol. Required if any of the EntityRules contain Ports (because ports only apply to certain protocols). \n Must be one of these string values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", \"UDPLite\" or an integer in the range 1-255.",
"pattern": "^.*",
"x-kubernetes-int-or-string": true
},
"source": {
"description": "Source contains the match criteria that apply to source entity.",
"properties": {
"namespaceSelector": {
"description": "NamespaceSelector is an optional field that contains a selector expression. Only traffic that originates from (or terminates at) endpoints within the selected namespaces will be matched. When both NamespaceSelector and another selector are defined on the same rule, then only workload endpoints that are matched by both selectors will be selected by the rule. \n For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting only workload endpoints in the same namespace as the NetworkPolicy. \n For NetworkPolicy, `global()` NamespaceSelector implies that the Selector is limited to selecting only GlobalNetworkSet or HostEndpoint. \n For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload endpoints across all namespaces.",
"type": "string"
},
"nets": {
"description": "Nets is an optional field that restricts the rule to only apply to traffic that originates from (or terminates at) IP addresses in any of the given subnets.",
"items": {
"type": "string"
},
"type": "array"
},
"notNets": {
"description": "NotNets is the negated version of the Nets field.",
"items": {
"type": "string"
},
"type": "array"
},
"notPorts": {
"description": "NotPorts is the negated version of the Ports field. Since only some protocols have ports, if any ports are specified it requires the Protocol match in the Rule to be set to \"TCP\" or \"UDP\".",
"items": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^.*",
"x-kubernetes-int-or-string": true
},
"type": "array"
},
"notSelector": {
"description": "NotSelector is the negated version of the Selector field. See Selector field for subtleties with negated selectors.",
"type": "string"
},
"ports": {
"description": "Ports is an optional field that restricts the rule to only apply to traffic that has a source (destination) port that matches one of these ranges/values. This value is a list of integers or strings that represent ranges of ports. \n Since only some protocols have ports, if any ports are specified it requires the Protocol match in the Rule to be set to \"TCP\" or \"UDP\".",
"items": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^.*",
"x-kubernetes-int-or-string": true
},
"type": "array"
},
"selector": {
"description": "Selector is an optional field that contains a selector expression (see Policy for sample syntax). Only traffic that originates from (terminates at) endpoints matching the selector will be matched. \n Note that: in addition to the negated version of the Selector (see NotSelector below), the selector expression syntax itself supports negation. The two types of negation are subtly different. One negates the set of matched endpoints, the other negates the whole match: \n \tSelector = \"!has(my_label)\" matches packets that are from other Calico-controlled \tendpoints that do not have the label \"my_label\". \n \tNotSelector = \"has(my_label)\" matches packets that are not from Calico-controlled \tendpoints that do have the label \"my_label\". \n The effect is that the latter will accept packets from non-Calico sources whereas the former is limited to packets from Calico-controlled endpoints.",
"type": "string"
},
"serviceAccounts": {
"description": "ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or terminates at) a pod running as a matching service account.",
"properties": {
"names": {
"description": "Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates at) a pod running as a service account whose name is in the list.",
"items": {
"type": "string"
},
"type": "array"
},
"selector": {
"description": "Selector is an optional field that restricts the rule to only apply to traffic that originates from (or terminates at) a pod running as a service account that matches the given label selector. If both Names and Selector are specified then they are AND'ed.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"services": {
"description": "Services is an optional field that contains options for matching Kubernetes Services. If specified, only traffic that originates from or terminates at endpoints within the selected service(s) will be matched, and only to/from each endpoint's port. \n Services cannot be specified on the same rule as Selector, NotSelector, NamespaceSelector, Nets, NotNets or ServiceAccounts. \n Ports and NotPorts can only be specified with Services on ingress rules.",
"properties": {
"name": {
"description": "Name specifies the name of a Kubernetes Service to match.",
"type": "string"
},
"namespace": {
"description": "Namespace specifies the namespace of the given Service. If left empty, the rule will match within this policy's namespace.",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
}
},
"required": [
"action"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"namespaceSelector": {
"description": "NamespaceSelector is an optional field for an expression used to select a pod based on namespaces.",
"type": "string"
},
"order": {
"description": "Order is an optional field that specifies the order in which the policy is applied. Policies with higher \"order\" are applied after those with lower order within the same tier. If the order is omitted, it may be considered to be \"infinite\" - i.e. the policy will be applied last. Policies with identical order will be applied in alphanumerical order based on the Policy \"Name\" within the tier.",
"type": "number"
},
"performanceHints": {
"description": "PerformanceHints contains a list of hints to Calico's policy engine to help process the policy more efficiently. Hints never change the enforcement behaviour of the policy. \n Currently, the only available hint is \"AssumeNeededOnEveryNode\". When that hint is set on a policy, Felix will act as if the policy matches a local endpoint even if it does not. This is useful for \"preloading\" any large static policies that are known to be used on every node. If the policy is _not_ used on a particular node then the work done to preload the policy (and to maintain it) is wasted.",
"items": {
"type": "string"
},
"type": "array"
},
"preDNAT": {
"description": "PreDNAT indicates to apply the rules in this policy before any DNAT.",
"type": "boolean"
},
"selector": {
"description": "The selector is an expression used to pick out the endpoints that the policy should be applied to. \n Selector expressions follow this syntax: \n \tlabel == \"string_literal\" -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" -> not equal; also matches if label is not present \tlabel in { \"a\", \"b\", \"c\", ... } -> true if the value of label X is one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", ... } -> true if the value of label X is not one of \"a\", \"b\", \"c\" \thas(label_name) -> True if that label is present \t! expr -> negation of expr \texpr && expr -> Short-circuit and \texpr || expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() or the empty selector -> matches all endpoints. \n Label names are allowed to contain alphanumerics, -, _ and /. String literals are more permissive but they do not support escape characters. \n Examples (with made-up labels): \n \ttype == \"webserver\" && deployment == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment != \"dev\" \t! has(label_name)",
"type": "string"
},
"serviceAccountSelector": {
"description": "ServiceAccountSelector is an optional field for an expression used to select a pod based on service accounts.",
"type": "string"
},
"tier": {
"description": "The name of the tier that this policy belongs to. If this is omitted, the default tier (name is \"default\") is assumed. The specified tier must exist in order to create security policies within the tier, the \"default\" tier is created automatically if it does not exist, this means for deployments requiring only a single Tier, the tier name may be omitted on all policy management requests.",
"type": "string"
},
"types": {
"description": "Types indicates whether this policy applies to ingress, or to egress, or to both. When not explicitly specified (and so the value on creation is empty or nil), Calico defaults Types according to what Ingress and Egress rules are present in the policy. The default is: \n - [ PolicyTypeIngress ], if there are no Egress rules (including the case where there are also no Ingress rules) \n - [ PolicyTypeEgress ], if there are Egress rules but no Ingress rules \n - [ PolicyTypeIngress, PolicyTypeEgress ], if there are both Ingress and Egress rules. \n When the policy is read back again, Types will always be one of these values, never empty or nil.",
"items": {
"description": "PolicyType enumerates the possible values of the PolicySpec Types field.",
"type": "string"
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

31
projectcalico.org/globalnetworkset_v3.json Normal file
View File

@ -0,0 +1,31 @@
{
"description": "GlobalNetworkSet contains a set of arbitrary IP sub-networks/CIDRs that share labels to allow rules to refer to them via selectors. The labels of GlobalNetworkSet are not namespaced.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "GlobalNetworkSetSpec contains the specification for a NetworkSet resource.",
"properties": {
"nets": {
"description": "The list of IP networks that belong to this set.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

78
projectcalico.org/hostendpoint_v3.json Normal file
View File

@ -0,0 +1,78 @@
{
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "HostEndpointSpec contains the specification for a HostEndpoint resource.",
"properties": {
"expectedIPs": {
"description": "The expected IP addresses (IPv4 and IPv6) of the endpoint. If \"InterfaceName\" is not present, Calico will look for an interface matching any of the IPs in the list and apply policy to that. Note: \tWhen using the selector match criteria in an ingress or egress security Policy \tor Profile, Calico converts the selector into a set of IP addresses. For host \tendpoints, the ExpectedIPs field is used for that purpose. (If only the interface \tname is specified, Calico does not learn the IPs of the interface for use in match \tcriteria.)",
"items": {
"type": "string"
},
"type": "array"
},
"interfaceName": {
"description": "Either \"*\", or the name of a specific Linux interface to apply policy to; or empty. \"*\" indicates that this HostEndpoint governs all traffic to, from or through the default network namespace of the host named by the \"Node\" field; entering and leaving that namespace via any interface, including those from/to non-host-networked local workloads. \n If InterfaceName is not \"*\", this HostEndpoint only governs traffic that enters or leaves the host through the specific interface named by InterfaceName, or - when InterfaceName is empty - through the specific interface that has one of the IPs in ExpectedIPs. Therefore, when InterfaceName is empty, at least one expected IP must be specified. Only external interfaces (such as \"eth0\") are supported here; it isn't possible for a HostEndpoint to protect traffic through a specific local workload interface. \n Note: Only some kinds of policy are implemented for \"*\" HostEndpoints; initially just pre-DNAT policy. Please check Calico documentation for the latest position.",
"type": "string"
},
"node": {
"description": "The node name identifying the Calico node instance.",
"type": "string"
},
"ports": {
"description": "Ports contains the endpoint's named ports, which may be referenced in security policy rules.",
"items": {
"properties": {
"name": {
"type": "string"
},
"port": {
"type": "integer"
},
"protocol": {
"anyOf": [
{
"type": "integer"
},
{
"type": "string"
}
],
"pattern": "^.*",
"x-kubernetes-int-or-string": true
}
},
"required": [
"name",
"port",
"protocol"
],
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"profiles": {
"description": "A list of identifiers of security Profile objects that apply to this endpoint. Each profile is applied in the order that they appear in this list. Profile rules are applied after the selector-based security policy.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

94
projectcalico.org/ipamblock_v3.json Normal file
View File

@ -0,0 +1,94 @@
{
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "IPAMBlockSpec contains the specification for an IPAMBlock resource.",
"properties": {
"affinity": {
"description": "Affinity of the block, if this block has one. If set, it will be of the form \"host:<hostname>\". If not set, this block is not affine to a host.",
"type": "string"
},
"allocations": {
"description": "Array of allocations in-use within this block. nil entries mean the allocation is free. For non-nil entries at index i, the index is the ordinal of the allocation within this block and the value is the index of the associated attributes in the Attributes array.",
"items": {
"type": "integer",
"nullable": true
},
"type": "array"
},
"attributes": {
"description": "Attributes is an array of arbitrary metadata associated with allocations in the block. To find attributes for a given allocation, use the value of the allocation's entry in the Allocations array as the index of the element in this array.",
"items": {
"properties": {
"handle_id": {
"type": "string"
},
"secondary": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object",
"additionalProperties": false
},
"type": "array"
},
"cidr": {
"description": "The block's CIDR.",
"type": "string"
},
"deleted": {
"description": "Deleted is an internal boolean used to workaround a limitation in the Kubernetes API whereby deletion will not return a conflict error if the block has been updated. It should not be set manually.",
"type": "boolean"
},
"sequenceNumber": {
"default": 0,
"description": "We store a sequence number that is updated each time the block is written. Each allocation will also store the sequence number of the block at the time of its creation. When releasing an IP, passing the sequence number associated with the allocation allows us to protect against a race condition and ensure the IP hasn't been released and re-allocated since the release request.",
"format": "int64",
"type": "integer"
},
"sequenceNumberForAllocation": {
"additionalProperties": {
"format": "int64",
"type": "integer"
},
"description": "Map of allocated ordinal within the block to sequence number of the block at the time of allocation. Kubernetes does not allow numerical keys for maps, so the key is cast to a string.",
"type": "object"
},
"strictAffinity": {
"description": "StrictAffinity on the IPAMBlock is deprecated and no longer used by the code. Use IPAMConfig StrictAffinity instead.",
"type": "boolean"
},
"unallocated": {
"description": "Unallocated is an ordered list of allocations which are free in the block.",
"items": {
"type": "integer"
},
"type": "array"
}
},
"required": [
"allocations",
"attributes",
"cidr",
"strictAffinity",
"unallocated"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

39
projectcalico.org/ipamconfig_v3.json Normal file
View File

@ -0,0 +1,39 @@
{
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "IPAMConfigSpec contains the specification for an IPAMConfig resource.",
"properties": {
"autoAllocateBlocks": {
"type": "boolean"
},
"maxBlocksPerHost": {
"description": "MaxBlocksPerHost, if non-zero, is the max number of blocks that can be affine to each host.",
"maximum": 2147483647,
"minimum": 0,
"type": "integer"
},
"strictAffinity": {
"type": "boolean"
}
},
"required": [
"autoAllocateBlocks",
"strictAffinity"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

39
projectcalico.org/ipamhandle_v3.json Normal file
View File

@ -0,0 +1,39 @@
{
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "IPAMHandleSpec contains the specification for an IPAMHandle resource.",
"properties": {
"block": {
"additionalProperties": {
"type": "integer"
},
"type": "object"
},
"deleted": {
"type": "boolean"
},
"handleID": {
"type": "string"
}
},
"required": [
"block",
"handleID"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

84
projectcalico.org/ippool_v3.json Normal file
View File

@ -0,0 +1,84 @@
{
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "IPPoolSpec contains the specification for an IPPool resource.",
"properties": {
"allowedUses": {
"description": "AllowedUse controls what the IP pool will be used for. If not specified or empty, defaults to [\"Tunnel\", \"Workload\"] for back-compatibility",
"items": {
"type": "string"
},
"type": "array"
},
"blockSize": {
"description": "The block size to use for IP address assignments from this pool. Defaults to 26 for IPv4 and 122 for IPv6.",
"type": "integer"
},
"cidr": {
"description": "The pool CIDR.",
"type": "string"
},
"disableBGPExport": {
"description": "Disable exporting routes from this IP Pool's CIDR over BGP. [Default: false]",
"type": "boolean"
},
"disabled": {
"description": "When disabled is true, Calico IPAM will not assign addresses from this pool.",
"type": "boolean"
},
"ipip": {
"description": "Deprecated: this field is only used for APIv1 backwards compatibility. Setting this field is not allowed, this field is for internal use only.",
"properties": {
"enabled": {
"description": "When enabled is true, ipip tunneling will be used to deliver packets to destinations within this pool.",
"type": "boolean"
},
"mode": {
"description": "The IPIP mode. This can be one of \"always\" or \"cross-subnet\". A mode of \"always\" will also use IPIP tunneling for routing to destination IP addresses within this pool. A mode of \"cross-subnet\" will only use IPIP tunneling when the destination node is on a different subnet to the originating node. The default value (if not specified) is \"always\".",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"ipipMode": {
"description": "Contains configuration for IPIP tunneling for this pool. If not specified, then this is defaulted to \"Never\" (i.e. IPIP tunneling is disabled).",
"type": "string"
},
"nat-outgoing": {
"description": "Deprecated: this field is only used for APIv1 backwards compatibility. Setting this field is not allowed, this field is for internal use only.",
"type": "boolean"
},
"natOutgoing": {
"description": "When natOutgoing is true, packets sent from Calico networked containers in this pool to destinations outside of this pool will be masqueraded.",
"type": "boolean"
},
"nodeSelector": {
"description": "Allows IPPool to allocate for a specific node by label selector.",
"type": "string"
},
"vxlanMode": {
"description": "Contains configuration for VXLAN tunneling for this pool. If not specified, then this is defaulted to \"Never\" (i.e. VXLAN tunneling is disabled).",
"type": "string"
}
},
"required": [
"cidr"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

30
projectcalico.org/ipreservation_v3.json Normal file
View File

@ -0,0 +1,30 @@
{
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "IPReservationSpec contains the specification for an IPReservation resource.",
"properties": {
"reservedCIDRs": {
"description": "ReservedCIDRs is a list of CIDRs and/or IP addresses that Calico IPAM will exclude from new allocations.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

254
projectcalico.org/kubecontrollersconfiguration_v3.json Normal file
View File

@ -0,0 +1,254 @@
{
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"type": "object"
},
"spec": {
"description": "KubeControllersConfigurationSpec contains the values of the Kubernetes controllers configuration.",
"properties": {
"controllers": {
"description": "Controllers enables and configures individual Kubernetes controllers",
"properties": {
"namespace": {
"description": "Namespace enables and configures the namespace controller. Enabled by default, set to nil to disable.",
"properties": {
"reconcilerPeriod": {
"description": "ReconcilerPeriod is the period to perform reconciliation with the Calico datastore. [Default: 5m]",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"node": {
"description": "Node enables and configures the node controller. Enabled by default, set to nil to disable.",
"properties": {
"hostEndpoint": {
"description": "HostEndpoint controls syncing nodes to host endpoints. Disabled by default, set to nil to disable.",
"properties": {
"autoCreate": {
"description": "AutoCreate enables automatic creation of host endpoints for every node. [Default: Disabled]",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"leakGracePeriod": {
"description": "LeakGracePeriod is the period used by the controller to determine if an IP address has been leaked. Set to 0 to disable IP garbage collection. [Default: 15m]",
"type": "string"
},
"reconcilerPeriod": {
"description": "ReconcilerPeriod is the period to perform reconciliation with the Calico datastore. [Default: 5m]",
"type": "string"
},
"syncLabels": {
"description": "SyncLabels controls whether to copy Kubernetes node labels to Calico nodes. [Default: Enabled]",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"policy": {
"description": "Policy enables and configures the policy controller. Enabled by default, set to nil to disable.",
"properties": {
"reconcilerPeriod": {
"description": "ReconcilerPeriod is the period to perform reconciliation with the Calico datastore. [Default: 5m]",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"serviceAccount": {
"description": "ServiceAccount enables and configures the service account controller. Enabled by default, set to nil to disable.",
"properties": {
"reconcilerPeriod": {
"description": "ReconcilerPeriod is the period to perform reconciliation with the Calico datastore. [Default: 5m]",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"workloadEndpoint": {
"description": "WorkloadEndpoint enables and configures the workload endpoint controller. Enabled by default, set to nil to disable.",
"properties": {
"reconcilerPeriod": {
"description": "ReconcilerPeriod is the period to perform reconciliation with the Calico datastore. [Default: 5m]",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"debugProfilePort": {
"description": "DebugProfilePort configures the port to serve memory and cpu profiles on. If not specified, profiling is disabled.",
"format": "int32",
"type": "integer"
},
"etcdV3CompactionPeriod": {
"description": "EtcdV3CompactionPeriod is the period between etcdv3 compaction requests. Set to 0 to disable. [Default: 10m]",
"type": "string"
},
"healthChecks": {
"description": "HealthChecks enables or disables support for health checks [Default: Enabled]",
"type": "string"
},
"logSeverityScreen": {
"description": "LogSeverityScreen is the log severity above which logs are sent to the stdout. [Default: Info]",
"type": "string"
},
"prometheusMetricsPort": {
"description": "PrometheusMetricsPort is the TCP port that the Prometheus metrics server should bind to. Set to 0 to disable. [Default: 9094]",
"type": "integer"
}
},
"required": [
"controllers"
],
"type": "object",
"additionalProperties": false
},
"status": {
"description": "KubeControllersConfigurationStatus represents the status of the configuration. It's useful for admins to be able to see the actual config that was applied, which can be modified by environment variables on the kube-controllers process.",
"properties": {
"environmentVars": {
"additionalProperties": {
"type": "string"
},
"description": "EnvironmentVars contains the environment variables on the kube-controllers that influenced the RunningConfig.",
"type": "object"
},
"runningConfig": {
"description": "RunningConfig contains the effective config that is running in the kube-controllers pod, after merging the API resource with any environment variables.",
"properties": {
"controllers": {
"description": "Controllers enables and configures individual Kubernetes controllers",
"properties": {
"namespace": {
"description": "Namespace enables and configures the namespace controller. Enabled by default, set to nil to disable.",
"properties": {
"reconcilerPeriod": {
"description": "ReconcilerPeriod is the period to perform reconciliation with the Calico datastore. [Default: 5m]",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"node": {
"description": "Node enables and configures the node controller. Enabled by default, set to nil to disable.",
"properties": {
"hostEndpoint": {
"description": "HostEndpoint controls syncing nodes to host endpoints. Disabled by default, set to nil to disable.",
"properties": {
"autoCreate": {
"description": "AutoCreate enables automatic creation of host endpoints for every node. [Default: Disabled]",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"leakGracePeriod": {
"description": "LeakGracePeriod is the period used by the controller to determine if an IP address has been leaked. Set to 0 to disable IP garbage collection. [Default: 15m]",
"type": "string"
},
"reconcilerPeriod": {
"description": "ReconcilerPeriod is the period to perform reconciliation with the Calico datastore. [Default: 5m]",
"type": "string"
},
"syncLabels": {
"description": "SyncLabels controls whether to copy Kubernetes node labels to Calico nodes. [Default: Enabled]",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"policy": {
"description": "Policy enables and configures the policy controller. Enabled by default, set to nil to disable.",
"properties": {
"reconcilerPeriod": {
"description": "ReconcilerPeriod is the period to perform reconciliation with the Calico datastore. [Default: 5m]",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"serviceAccount": {
"description": "ServiceAccount enables and configures the service account controller. Enabled by default, set to nil to disable.",
"properties": {
"reconcilerPeriod": {
"description": "ReconcilerPeriod is the period to perform reconciliation with the Calico datastore. [Default: 5m]",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
},
"workloadEndpoint": {
"description": "WorkloadEndpoint enables and configures the workload endpoint controller. Enabled by default, set to nil to disable.",
"properties": {
"reconcilerPeriod": {
"description": "ReconcilerPeriod is the period to perform reconciliation with the Calico datastore. [Default: 5m]",
"type": "string"
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"debugProfilePort": {
"description": "DebugProfilePort configures the port to serve memory and cpu profiles on. If not specified, profiling is disabled.",
"format": "int32",
"type": "integer"
},
"etcdV3CompactionPeriod": {
"description": "EtcdV3CompactionPeriod is the period between etcdv3 compaction requests. Set to 0 to disable. [Default: 10m]",
"type": "string"
},
"healthChecks": {
"description": "HealthChecks enables or disables support for health checks [Default: Enabled]",
"type": "string"
},
"logSeverityScreen": {
"description": "LogSeverityScreen is the log severity above which logs are sent to the stdout. [Default: Info]",
"type": "string"
},
"prometheusMetricsPort": {
"description": "PrometheusMetricsPort is the TCP port that the Prometheus metrics server should bind to. Set to 0 to disable. [Default: 9094]",
"type": "integer"
}
},
"required": [
"controllers"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
}
},
"type": "object"
}

Some files were not shown because too many files have changed in this diff Show More