diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 1e7e3f23..d77d0cca 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -45,5 +45,6 @@ jobs:
- run: |
sudo apt-get update
sudo apt-get install -y golang-cfssl
+ sudo swapoff -a
- name: e2e testing
run: make e2e
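Review bot: The added `sudo swapoff -a` carries no explanation, and it sits at the end of the unnamed step that installs golang-cfssl, so a later tidy-up of that step could drop it without anyone noticing the e2e dependency. Presumably it is there because the kubelet in the test cluster will not start while swap is enabled on the runner; if that is the reason, state it in a shell comment above the line, e.g. `# kubelet fails to start with swap enabled; turn it off before creating the e2e cluster`. Giving it its own step with `name: disable swap` would also make a failure of this command show up under a clear label in the job log. The job definition and its earlier steps start outside this hunk, so whether swap is already handled elsewhere cannot be seen from here.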
diff --git a/Makefile b/Makefile
index b1ccb3fd..1c00bd08 100644
--- a/Makefile
+++ b/Makefile
@@ -85,7 +85,7 @@ kind: ## Download kind locally if necessary.
CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
controller-gen: ## Download controller-gen locally if necessary.
- $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0)
+ $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.16.1)
GOLANGCI_LINT = $(shell pwd)/bin/golangci-lint
golangci-lint: ## Download golangci-lint locally if necessary.
diff --git a/charts/kamaji/crds/datastore.yaml b/charts/kamaji/crds/datastore.yaml
index 97405495..41cac12e 100644
--- a/charts/kamaji/crds/datastore.yaml
+++ b/charts/kamaji/crds/datastore.yaml
@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: kamaji-system/kamaji-serving-cert
- controller-gen.kubebuilder.io/version: v0.11.4
+ controller-gen.kubebuilder.io/version: v0.16.1
name: datastores.kamaji.clastix.io
spec:
group: kamaji.clastix.io
diff --git a/charts/kamaji/crds/tenantcontrolplane.yaml b/charts/kamaji/crds/tenantcontrolplane.yaml
index 1e0cfa6b..6c3fccfa 100644
--- a/charts/kamaji/crds/tenantcontrolplane.yaml
+++ b/charts/kamaji/crds/tenantcontrolplane.yaml
@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: kamaji-system/kamaji-serving-cert
- controller-gen.kubebuilder.io/version: v0.11.4
+ controller-gen.kubebuilder.io/version: v0.16.1
name: tenantcontrolplanes.kamaji.clastix.io
spec:
conversion:
@@ -203,11 +203,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
@@ -219,6 +217,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -356,10 +360,13 @@ spec:
description: The key to select.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
@@ -422,10 +429,13 @@ spec:
key.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret
@@ -459,10 +469,13 @@ spec:
description: The ConfigMap to select from
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
@@ -478,10 +491,13 @@ spec:
description: The Secret to select from
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret must
@@ -772,11 +788,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -987,11 +1003,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -1140,11 +1156,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
@@ -1156,6 +1170,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -1279,7 +1299,7 @@ spec:
procMount:
description: |-
procMount denotes the type of proc mount to use for the containers.
- The default is DefaultProcMount which uses the container runtime defaults for
+ The default value is Default which uses the container runtime defaults for
readonly paths and masked paths.
This requires the ProcMountType feature flag to be enabled.
Note that this field cannot be set when spec.os.name is windows.
@@ -1361,7 +1381,6 @@ spec:
type indicates which kind of seccomp profile will be applied.
Valid options are:
-
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
@@ -1443,11 +1462,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -1663,10 +1682,8 @@ spec:
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
-
If ReadOnly is false, this field has no meaning and must be unspecified.
-
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
@@ -1674,11 +1691,9 @@ spec:
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
-
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
-
If this field is not specified, it is treated as an equivalent of Disabled.
type: string
subPath:
@@ -1782,10 +1797,13 @@ spec:
description: The key to select.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
@@ -1848,10 +1866,13 @@ spec:
key.
type: string
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret
@@ -1885,10 +1906,13 @@ spec:
description: The ConfigMap to select from
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
@@ -1904,10 +1928,13 @@ spec:
description: The Secret to select from
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret must
@@ -2198,11 +2225,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -2413,11 +2440,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -2566,11 +2593,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
@@ -2582,6 +2607,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -2705,7 +2736,7 @@ spec:
procMount:
description: |-
procMount denotes the type of proc mount to use for the containers.
- The default is DefaultProcMount which uses the container runtime defaults for
+ The default value is Default which uses the container runtime defaults for
readonly paths and masked paths.
This requires the ProcMountType feature flag to be enabled.
Note that this field cannot be set when spec.os.name is windows.
@@ -2787,7 +2818,6 @@ spec:
type indicates which kind of seccomp profile will be applied.
Valid options are:
-
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
@@ -2869,11 +2899,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -3089,10 +3119,8 @@ spec:
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
-
If ReadOnly is false, this field has no meaning and must be unspecified.
-
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
@@ -3100,11 +3128,9 @@ spec:
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
-
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
-
If this field is not specified, it is treated as an equivalent of Disabled.
type: string
subPath:
@@ -3189,10 +3215,8 @@ spec:
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
-
If ReadOnly is false, this field has no meaning and must be unspecified.
-
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
@@ -3200,11 +3224,9 @@ spec:
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
-
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
-
If this field is not specified, it is treated as an equivalent of Disabled.
type: string
subPath:
@@ -3256,10 +3278,8 @@ spec:
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
-
If ReadOnly is false, this field has no meaning and must be unspecified.
-
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
@@ -3267,11 +3287,9 @@ spec:
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
-
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
-
If this field is not specified, it is treated as an equivalent of Disabled.
type: string
subPath:
@@ -3323,10 +3341,8 @@ spec:
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
-
If ReadOnly is false, this field has no meaning and must be unspecified.
-
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
@@ -3334,11 +3350,9 @@ spec:
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
-
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
-
If this field is not specified, it is treated as an equivalent of Disabled.
type: string
subPath:
@@ -3378,7 +3392,6 @@ spec:
Tip: Ensure that the filesystem type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem from compromising the machine
type: string
partition:
description: |-
@@ -3418,6 +3431,7 @@ spec:
the blob storage
type: string
fsType:
+ default: ext4
description: |-
fsType is Filesystem type to mount.
Must be a filesystem type supported by the host operating system.
@@ -3431,6 +3445,7 @@ spec:
set). defaults to shared'
type: string
readOnly:
+ default: false
description: |-
readOnly Defaults to false (read/write). ReadOnly here will force
the ReadOnly setting in VolumeMounts.
@@ -3493,10 +3508,13 @@ spec:
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -3532,10 +3550,13 @@ spec:
to OpenStack.
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -3602,10 +3623,13 @@ spec:
type: array
x-kubernetes-list-type: atomic
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: optional specify whether the ConfigMap
@@ -3638,10 +3662,13 @@ spec:
secret object contains more than one secret, all secret references are passed.
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -3782,7 +3809,6 @@ spec:
The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
and deleted when the pod is removed.
-
Use this if:
a) the volume is only needed while the pod runs,
b) features of normal volumes like restoring from snapshot or capacity
@@ -3793,17 +3819,14 @@ spec:
information on the connection between this volume type
and PersistentVolumeClaim).
-
Use PersistentVolumeClaim or one of the vendor-specific
APIs for volumes that persist for longer than the lifecycle
of an individual pod.
-
Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
be used that way - see the documentation of the driver for
more information.
-
A pod can use both types of ephemeral volumes and
persistent volumes at the same time.
properties:
@@ -3817,7 +3840,6 @@ spec:
entry. Pod validation will reject the pod if the concatenated name
is not valid for a PVC (for example, too long).
-
An existing PVC with that name that is not owned by the pod
will *not* be used for the pod to avoid using an unrelated
volume by mistake. Starting the pod is then blocked until
@@ -3827,11 +3849,9 @@ spec:
this should not be necessary, but it may be useful when
manually reconstructing a broken cluster.
-
This field is read-only and no changes will be made by Kubernetes
to the PVC after it has been created.
-
Required, must not be nil.
properties:
metadata:
@@ -4035,7 +4055,7 @@ spec:
set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
exists.
More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
- (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
type: string
volumeMode:
description: |-
@@ -4061,7 +4081,6 @@ spec:
fsType is the filesystem type to mount.
Must be a filesystem type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- TODO: how do we prevent errors in the filesystem from compromising the machine
type: string
lun:
description: 'lun is Optional: FC target lun number'
@@ -4123,10 +4142,13 @@ spec:
scripts.
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -4160,7 +4182,6 @@ spec:
Tip: Ensure that the filesystem type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem from compromising the machine
type: string
partition:
description: |-
@@ -4241,9 +4262,6 @@ spec:
used for system agents or other privileged things that are allowed
to see the host machine. Most containers will NOT need this.
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- ---
- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
- mount host directories as read/write.
properties:
path:
description: |-
@@ -4260,6 +4278,41 @@ spec:
required:
- path
type: object
+ image:
+ description: |-
+ image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.
+ The volume is resolved at pod startup depending on which PullPolicy value is provided:
+
+ - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+ - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+ - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+
+ The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.
+ A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
+ The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
+ The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
+ The volume will be mounted read-only (ro) and non-executable files (noexec).
+ Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).
+ The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
+ properties:
+ pullPolicy:
+ description: |-
+ Policy for pulling OCI objects. Possible values are:
+ Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+ Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+ IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ type: string
+ reference:
+ description: |-
+ Required: Image or artifact reference to be used.
+ Behaves in the same way as pod.spec.containers[*].image.
+ Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ type: object
iscsi:
description: |-
iscsi represents an ISCSI Disk resource that is attached to a
@@ -4280,7 +4333,6 @@ spec:
Tip: Ensure that the filesystem type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem from compromising the machine
type: string
initiatorName:
description: |-
@@ -4292,6 +4344,7 @@ spec:
description: iqn is the target iSCSI Qualified Name.
type: string
iscsiInterface:
+ default: default
description: |-
iscsiInterface is the interface Name that uses an iSCSI transport.
Defaults to 'default' (tcp).
@@ -4318,10 +4371,13 @@ spec:
target and initiator authentication
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -4440,24 +4496,24 @@ spec:
format: int32
type: integer
sources:
- description: sources is the list of volume projections
+ description: |-
+ sources is the list of volume projections. Each entry in this list
+ handles one source.
items:
- description: Projection that may be projected
- along with other supported volume types
+ description: |-
+ Projection that may be projected along with other supported volume types.
+ Exactly one of these fields must be set.
properties:
clusterTrustBundle:
description: |-
ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
of ClusterTrustBundle objects in an auto-updating file.
-
Alpha, gated by the ClusterTrustBundleProjection feature gate.
-
ClusterTrustBundle objects can either be selected by name, or by the
combination of signer name and a label selector.
-
Kubelet performs aggressive normalization of the PEM contents written
into the pod filesystem. Esoteric PEM features such as inter-block
comments and block headers are stripped. Certificates are deduplicated.
@@ -4586,10 +4642,13 @@ spec:
type: array
x-kubernetes-list-type: atomic
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: optional specify whether
@@ -4725,10 +4784,13 @@ spec:
type: array
x-kubernetes-list-type: atomic
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: optional field specify whether
@@ -4818,7 +4880,6 @@ spec:
Tip: Ensure that the filesystem type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem from compromising the machine
type: string
image:
description: |-
@@ -4826,6 +4887,7 @@ spec:
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
type: string
keyring:
+ default: /etc/ceph/keyring
description: |-
keyring is the path to key ring for RBDUser.
Default is /etc/ceph/keyring.
@@ -4840,6 +4902,7 @@ spec:
type: array
x-kubernetes-list-type: atomic
pool:
+ default: rbd
description: |-
pool is the rados pool name.
Default is rbd.
@@ -4859,14 +4922,18 @@ spec:
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
user:
+ default: admin
description: |-
user is the rados user name.
Default is admin.
@@ -4881,6 +4948,7 @@ spec:
volume attached and mounted on Kubernetes nodes.
properties:
fsType:
+ default: xfs
description: |-
fsType is the filesystem type to mount.
Must be a filesystem type supported by the host operating system.
@@ -4906,10 +4974,13 @@ spec:
sensitive information. If this is not provided, Login operation will fail.
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -4918,6 +4989,7 @@ spec:
communication with Gateway, default false
type: boolean
storageMode:
+ default: ThinProvisioned
description: |-
storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
Default is ThinProvisioned.
@@ -5026,10 +5098,13 @@ spec:
credentials. If not specified, default values will be attempted.
properties:
name:
+ default: ""
description: |-
Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -5368,7 +5443,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5383,7 +5458,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5551,7 +5626,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5566,7 +5641,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5732,7 +5807,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5747,7 +5822,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5915,7 +5990,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5930,7 +6005,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -6106,11 +6181,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
@@ -6122,6 +6195,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -6163,11 +6242,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
@@ -6179,6 +6256,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -6221,11 +6304,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
@@ -6237,6 +6318,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -6278,11 +6365,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
@@ -6294,6 +6379,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -6354,9 +6445,6 @@ spec:
description: |-
Rolling update config params. Present only if DeploymentStrategyType =
RollingUpdate.
- ---
- TODO: Update this to follow our convention for oneOf, whatever we decide it
- to be.
properties:
maxSurge:
anyOf:
@@ -6508,7 +6596,6 @@ spec:
Keys that don't exist in the incoming pod labels will
be ignored. A null or empty list means only match against labelSelector.
-
This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
items:
type: string
@@ -6548,7 +6635,6 @@ spec:
Valid values are integers greater than 0.
When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
-
For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
labelSelector spread as 2/2/2:
| zone1 | zone2 | zone3 |
@@ -6566,7 +6652,6 @@ spec:
- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
-
If this value is nil, the behavior is equivalent to the Honor policy.
This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
type: string
@@ -6578,7 +6663,6 @@ spec:
has a toleration, are included.
- Ignore: node taints are ignored. All nodes are included.
-
If this value is nil, the behavior is equivalent to the Ignore policy.
This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
type: string
@@ -6926,18 +7010,8 @@ spec:
conditions:
description: Current service state
items:
- description: "Condition contains details for one aspect
- of the current state of this API Resource.\n---\nThis
- struct is intended for direct use as an array at the
- field path .status.conditions. For example,\n\n\n\ttype
- FooStatus struct{\n\t // Represents the observations
- of a foo's current state.\n\t // Known .status.conditions.type
- are: \"Available\", \"Progressing\", and \"Degraded\"\n\t
- \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t
- \ // +listType=map\n\t // +listMapKey=type\n\t
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
- \ // other fields\n\t}"
+ description: Condition contains details for one aspect
+ of the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -6979,12 +7053,8 @@ spec:
- Unknown
type: string
type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- ---
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
- useful (see .node.status.conditions), the ability to deconflict is important.
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: type of condition in CamelCase or in
+ foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -7046,8 +7116,6 @@ spec:
CamelCase names
- cloud provider specific error values must have names that comply with the
format foo.example.com/CamelCase.
- ---
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -7058,12 +7126,12 @@ spec:
format: int32
type: integer
protocol:
- default: TCP
description: |-
Protocol is the protocol of the service port of which status is recorded here
The supported values are: "TCP", "UDP", "SCTP"
type: string
required:
+ - error
- port
- protocol
type: object
@@ -7422,8 +7490,6 @@ spec:
CamelCase names
- cloud provider specific error values must have names that comply with the
format foo.example.com/CamelCase.
- ---
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -7433,12 +7499,12 @@ spec:
format: int32
type: integer
protocol:
- default: TCP
description: |-
protocol is the protocol of the ingress port.
The supported values are: "TCP", "UDP", "SCTP"
type: string
required:
+ - error
- port
- protocol
type: object
@@ -7466,18 +7532,8 @@ spec:
conditions:
description: Current service state
items:
- description: "Condition contains details for one aspect
- of the current state of this API Resource.\n---\nThis
- struct is intended for direct use as an array at the field
- path .status.conditions. For example,\n\n\n\ttype FooStatus
- struct{\n\t // Represents the observations of a foo's
- current state.\n\t // Known .status.conditions.type
- are: \"Available\", \"Progressing\", and \"Degraded\"\n\t
- \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t
- \ // +listType=map\n\t // +listMapKey=type\n\t Conditions
- []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
- patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
- \ // other fields\n\t}"
+ description: Condition contains details for one aspect of
+ the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -7519,12 +7575,7 @@ spec:
- Unknown
type: string
type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- ---
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
- useful (see .node.status.conditions), the ability to deconflict is important.
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -7586,8 +7637,6 @@ spec:
CamelCase names
- cloud provider specific error values must have names that comply with the
format foo.example.com/CamelCase.
- ---
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -7598,12 +7647,12 @@ spec:
format: int32
type: integer
protocol:
- default: TCP
description: |-
Protocol is the protocol of the service port of which status is recorded here
The supported values are: "TCP", "UDP", "SCTP"
type: string
required:
+ - error
- port
- protocol
type: object
diff --git a/charts/kamaji/templates/rbac.yaml b/charts/kamaji/templates/rbac.yaml
index 8fb939c3..bd35d701 100644
--- a/charts/kamaji/templates/rbac.yaml
+++ b/charts/kamaji/templates/rbac.yaml
@@ -67,42 +67,20 @@ rules:
- update
- watch
- apiGroups:
- - batch
+ - batch
resources:
- - jobs
- verbs:
- - create
- - delete
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - configmaps
+ - jobs
verbs:
- create
- delete
- get
- list
- - patch
- - update
- watch
- apiGroups:
- ""
resources:
+ - configmaps
- secrets
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- services
verbs:
- create
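Review bot: The consolidated core-group rule that ends this hunk puts `secrets` under the same verb list as `configmaps` and `services`, and nothing in the file records that this is a mechanical merge rather than a deliberate grant, so anyone narrowing Secret access later has to rediscover that the rule can be split. The before and after grants look equivalent from the visible lines (the verb list continues past the hunk, and its tail `patch`/`update`/`watch` appears as context in the next one), so this is a documentation request: add a comment above the rule such as `# secrets kept with configmaps/services only because verbs are identical; split before narrowing`. The same applies to the merged `datastores`/`tenantcontrolplanes` rule and the merged `/status` rule in the following two hunks. Separately, `- batch` and `- jobs` are removed and re-added with identical text, which suggests only their indentation changed; if this file is hand-maintained, keep sequence indentation consistent with the sibling rules.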
@@ -112,29 +90,10 @@ rules:
- patch
- update
- watch
-- apiGroups:
- - kamaji.clastix.io
- resources:
- - datastores
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - kamaji.clastix.io
- resources:
- - datastores/status
- verbs:
- - get
- - patch
- - update
- apiGroups:
- kamaji.clastix.io
resources:
+ - datastores
- tenantcontrolplanes
verbs:
- create
@@ -147,16 +106,17 @@ rules:
- apiGroups:
- kamaji.clastix.io
resources:
- - tenantcontrolplanes/finalizers
+ - datastores/status
+ - tenantcontrolplanes/status
verbs:
+ - get
+ - patch
- update
- apiGroups:
- kamaji.clastix.io
resources:
- - tenantcontrolplanes/status
+ - tenantcontrolplanes/finalizers
verbs:
- - get
- - patch
- update
- apiGroups:
- networking.k8s.io
diff --git a/config/crd/bases/kamaji.clastix.io_datastores.yaml b/config/crd/bases/kamaji.clastix.io_datastores.yaml
index e5f8c5d2..f8f916ac 100644
--- a/config/crd/bases/kamaji.clastix.io_datastores.yaml
+++ b/config/crd/bases/kamaji.clastix.io_datastores.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.14.0
+ controller-gen.kubebuilder.io/version: v0.16.1
name: datastores.kamaji.clastix.io
spec:
group: kamaji.clastix.io
diff --git a/config/crd/bases/kamaji.clastix.io_tenantcontrolplanes.yaml b/config/crd/bases/kamaji.clastix.io_tenantcontrolplanes.yaml
index e54041f1..0761b49c 100644
--- a/config/crd/bases/kamaji.clastix.io_tenantcontrolplanes.yaml
+++ b/config/crd/bases/kamaji.clastix.io_tenantcontrolplanes.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.14.0
+ controller-gen.kubebuilder.io/version: v0.16.1
name: tenantcontrolplanes.kamaji.clastix.io
spec:
group: kamaji.clastix.io
@@ -194,11 +194,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
@@ -210,6 +208,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -353,9 +357,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the ConfigMap
@@ -424,9 +426,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the Secret
@@ -466,9 +466,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the ConfigMap
@@ -490,9 +488,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the Secret must
@@ -783,11 +779,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -998,11 +994,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -1151,11 +1147,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
@@ -1167,6 +1161,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -1290,7 +1290,7 @@ spec:
procMount:
description: |-
procMount denotes the type of proc mount to use for the containers.
- The default is DefaultProcMount which uses the container runtime defaults for
+ The default value is Default which uses the container runtime defaults for
readonly paths and masked paths.
This requires the ProcMountType feature flag to be enabled.
Note that this field cannot be set when spec.os.name is windows.
@@ -1372,7 +1372,6 @@ spec:
type indicates which kind of seccomp profile will be applied.
Valid options are:
-
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
@@ -1454,11 +1453,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -1674,10 +1673,8 @@ spec:
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
-
If ReadOnly is false, this field has no meaning and must be unspecified.
-
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
@@ -1685,11 +1682,9 @@ spec:
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
-
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
-
If this field is not specified, it is treated as an equivalent of Disabled.
type: string
subPath:
@@ -1799,9 +1794,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the ConfigMap
@@ -1870,9 +1863,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the Secret
@@ -1912,9 +1903,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the ConfigMap
@@ -1936,9 +1925,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the Secret must
@@ -2229,11 +2216,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -2444,11 +2431,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -2597,11 +2584,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
@@ -2613,6 +2598,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -2736,7 +2727,7 @@ spec:
procMount:
description: |-
procMount denotes the type of proc mount to use for the containers.
- The default is DefaultProcMount which uses the container runtime defaults for
+ The default value is Default which uses the container runtime defaults for
readonly paths and masked paths.
This requires the ProcMountType feature flag to be enabled.
Note that this field cannot be set when spec.os.name is windows.
@@ -2818,7 +2809,6 @@ spec:
type indicates which kind of seccomp profile will be applied.
Valid options are:
-
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
@@ -2900,11 +2890,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -3120,10 +3110,8 @@ spec:
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
-
If ReadOnly is false, this field has no meaning and must be unspecified.
-
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
@@ -3131,11 +3119,9 @@ spec:
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
-
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
-
If this field is not specified, it is treated as an equivalent of Disabled.
type: string
subPath:
@@ -3220,10 +3206,8 @@ spec:
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
-
If ReadOnly is false, this field has no meaning and must be unspecified.
-
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
@@ -3231,11 +3215,9 @@ spec:
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
-
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
-
If this field is not specified, it is treated as an equivalent of Disabled.
type: string
subPath:
@@ -3287,10 +3269,8 @@ spec:
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
-
If ReadOnly is false, this field has no meaning and must be unspecified.
-
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
@@ -3298,11 +3278,9 @@ spec:
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
-
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
-
If this field is not specified, it is treated as an equivalent of Disabled.
type: string
subPath:
@@ -3354,10 +3332,8 @@ spec:
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
-
If ReadOnly is false, this field has no meaning and must be unspecified.
-
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
@@ -3365,11 +3341,9 @@ spec:
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
-
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
-
If this field is not specified, it is treated as an equivalent of Disabled.
type: string
subPath:
@@ -3409,7 +3383,6 @@ spec:
Tip: Ensure that the filesystem type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem from compromising the machine
type: string
partition:
description: |-
@@ -3449,6 +3422,7 @@ spec:
the blob storage
type: string
fsType:
+ default: ext4
description: |-
fsType is Filesystem type to mount.
Must be a filesystem type supported by the host operating system.
@@ -3462,6 +3436,7 @@ spec:
set). defaults to shared'
type: string
readOnly:
+ default: false
description: |-
readOnly Defaults to false (read/write). ReadOnly here will force
the ReadOnly setting in VolumeMounts.
@@ -3530,9 +3505,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@@ -3574,9 +3547,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@@ -3649,9 +3620,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: optional specify whether the ConfigMap
@@ -3690,9 +3659,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@@ -3833,7 +3800,6 @@ spec:
The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
and deleted when the pod is removed.
-
Use this if:
a) the volume is only needed while the pod runs,
b) features of normal volumes like restoring from snapshot or capacity
@@ -3844,17 +3810,14 @@ spec:
information on the connection between this volume type
and PersistentVolumeClaim).
-
Use PersistentVolumeClaim or one of the vendor-specific
APIs for volumes that persist for longer than the lifecycle
of an individual pod.
-
Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
be used that way - see the documentation of the driver for
more information.
-
A pod can use both types of ephemeral volumes and
persistent volumes at the same time.
properties:
@@ -3868,7 +3831,6 @@ spec:
entry. Pod validation will reject the pod if the concatenated name
is not valid for a PVC (for example, too long).
-
An existing PVC with that name that is not owned by the pod
will *not* be used for the pod to avoid using an unrelated
volume by mistake. Starting the pod is then blocked until
@@ -3878,11 +3840,9 @@ spec:
this should not be necessary, but it may be useful when
manually reconstructing a broken cluster.
-
This field is read-only and no changes will be made by Kubernetes
to the PVC after it has been created.
-
Required, must not be nil.
properties:
metadata:
@@ -4086,7 +4046,7 @@ spec:
set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
exists.
More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
- (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
type: string
volumeMode:
description: |-
@@ -4112,7 +4072,6 @@ spec:
fsType is the filesystem type to mount.
Must be a filesystem type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- TODO: how do we prevent errors in the filesystem from compromising the machine
type: string
lun:
description: 'lun is Optional: FC target lun number'
@@ -4180,9 +4139,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@@ -4216,7 +4173,6 @@ spec:
Tip: Ensure that the filesystem type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem from compromising the machine
type: string
partition:
description: |-
@@ -4297,9 +4253,6 @@ spec:
used for system agents or other privileged things that are allowed
to see the host machine. Most containers will NOT need this.
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- ---
- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
- mount host directories as read/write.
properties:
path:
description: |-
@@ -4316,6 +4269,41 @@ spec:
required:
- path
type: object
+ image:
+ description: |-
+ image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.
+ The volume is resolved at pod startup depending on which PullPolicy value is provided:
+
+ - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+ - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+ - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+
+ The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.
+ A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
+ The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
+ The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
+ The volume will be mounted read-only (ro) and non-executable files (noexec).
+ Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).
+ The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
+ properties:
+ pullPolicy:
+ description: |-
+ Policy for pulling OCI objects. Possible values are:
+ Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+ Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+ IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ type: string
+ reference:
+ description: |-
+ Required: Image or artifact reference to be used.
+ Behaves in the same way as pod.spec.containers[*].image.
+ Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ type: object
iscsi:
description: |-
iscsi represents an ISCSI Disk resource that is attached to a
@@ -4336,7 +4324,6 @@ spec:
Tip: Ensure that the filesystem type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem from compromising the machine
type: string
initiatorName:
description: |-
@@ -4348,6 +4335,7 @@ spec:
description: iqn is the target iSCSI Qualified Name.
type: string
iscsiInterface:
+ default: default
description: |-
iscsiInterface is the interface Name that uses an iSCSI transport.
Defaults to 'default' (tcp).
@@ -4380,9 +4368,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@@ -4501,24 +4487,24 @@ spec:
format: int32
type: integer
sources:
- description: sources is the list of volume projections
+ description: |-
+ sources is the list of volume projections. Each entry in this list
+ handles one source.
items:
- description: Projection that may be projected
- along with other supported volume types
+ description: |-
+ Projection that may be projected along with other supported volume types.
+ Exactly one of these fields must be set.
properties:
clusterTrustBundle:
description: |-
ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
of ClusterTrustBundle objects in an auto-updating file.
-
Alpha, gated by the ClusterTrustBundleProjection feature gate.
-
ClusterTrustBundle objects can either be selected by name, or by the
combination of signer name and a label selector.
-
Kubelet performs aggressive normalization of the PEM contents written
into the pod filesystem. Esoteric PEM features such as inter-block
comments and block headers are stripped. Certificates are deduplicated.
@@ -4653,9 +4639,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: optional specify whether
@@ -4797,9 +4781,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: optional field specify whether
@@ -4889,7 +4871,6 @@ spec:
Tip: Ensure that the filesystem type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem from compromising the machine
type: string
image:
description: |-
@@ -4897,6 +4878,7 @@ spec:
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
type: string
keyring:
+ default: /etc/ceph/keyring
description: |-
keyring is the path to key ring for RBDUser.
Default is /etc/ceph/keyring.
@@ -4911,6 +4893,7 @@ spec:
type: array
x-kubernetes-list-type: atomic
pool:
+ default: rbd
description: |-
pool is the rados pool name.
Default is rbd.
@@ -4936,13 +4919,12 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
user:
+ default: admin
description: |-
user is the rados user name.
Default is admin.
@@ -4957,6 +4939,7 @@ spec:
volume attached and mounted on Kubernetes nodes.
properties:
fsType:
+ default: xfs
description: |-
fsType is the filesystem type to mount.
Must be a filesystem type supported by the host operating system.
@@ -4988,9 +4971,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@@ -4999,6 +4980,7 @@ spec:
communication with Gateway, default false
type: boolean
storageMode:
+ default: ThinProvisioned
description: |-
storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
Default is ThinProvisioned.
@@ -5113,9 +5095,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@@ -5454,7 +5434,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5469,7 +5449,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5637,7 +5617,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5652,7 +5632,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5818,7 +5798,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5833,7 +5813,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -6001,7 +5981,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -6016,7 +5996,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -6192,11 +6172,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
@@ -6208,6 +6186,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -6249,11 +6233,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
@@ -6265,6 +6247,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -6307,11 +6295,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
@@ -6323,6 +6309,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -6364,11 +6356,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
@@ -6380,6 +6370,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -6440,9 +6436,6 @@ spec:
description: |-
Rolling update config params. Present only if DeploymentStrategyType =
RollingUpdate.
- ---
- TODO: Update this to follow our convention for oneOf, whatever we decide it
- to be.
properties:
maxSurge:
anyOf:
@@ -6594,7 +6587,6 @@ spec:
Keys that don't exist in the incoming pod labels will
be ignored. A null or empty list means only match against labelSelector.
-
This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
items:
type: string
@@ -6634,7 +6626,6 @@ spec:
Valid values are integers greater than 0.
When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
-
For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
labelSelector spread as 2/2/2:
| zone1 | zone2 | zone3 |
@@ -6652,7 +6643,6 @@ spec:
- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
-
If this value is nil, the behavior is equivalent to the Honor policy.
This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
type: string
@@ -6664,7 +6654,6 @@ spec:
has a toleration, are included.
- Ignore: node taints are ignored. All nodes are included.
-
If this value is nil, the behavior is equivalent to the Ignore policy.
This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
type: string
@@ -7012,18 +7001,8 @@ spec:
conditions:
description: Current service state
items:
- description: "Condition contains details for one aspect
- of the current state of this API Resource.\n---\nThis
- struct is intended for direct use as an array at the
- field path .status.conditions. For example,\n\n\n\ttype
- FooStatus struct{\n\t // Represents the observations
- of a foo's current state.\n\t // Known .status.conditions.type
- are: \"Available\", \"Progressing\", and \"Degraded\"\n\t
- \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t
- \ // +listType=map\n\t // +listMapKey=type\n\t
- \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
- patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
- \ // other fields\n\t}"
+ description: Condition contains details for one aspect
+ of the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -7065,12 +7044,8 @@ spec:
- Unknown
type: string
type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- ---
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
- useful (see .node.status.conditions), the ability to deconflict is important.
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: type of condition in CamelCase or in
+ foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -7132,8 +7107,6 @@ spec:
CamelCase names
- cloud provider specific error values must have names that comply with the
format foo.example.com/CamelCase.
- ---
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -7144,12 +7117,12 @@ spec:
format: int32
type: integer
protocol:
- default: TCP
description: |-
Protocol is the protocol of the service port of which status is recorded here
The supported values are: "TCP", "UDP", "SCTP"
type: string
required:
+ - error
- port
- protocol
type: object
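Review bot: Adding `- error` to this `required` list while dropping `default: TCP` from `protocol` tightens validation of every port-status entry. An entry that carries no `error` key, which is the usual shape for a healthy port, would now be rejected when the status is written. This looks like controller-gen v0.16.1 starting to honour a Required marker on the upstream type rather than a deliberate API change, so I would check it against a status update that actually contains `ports`. If that update is rejected, post-process the generated CRD so the list stays `required: [port, protocol]`. The same change is repeated in the hunks at `-7519,12` and `-7684,12` of this file, and the enclosing schema starts outside the hunk.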
@@ -7508,8 +7481,6 @@ spec:
CamelCase names
- cloud provider specific error values must have names that comply with the
format foo.example.com/CamelCase.
- ---
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -7519,12 +7490,12 @@ spec:
format: int32
type: integer
protocol:
- default: TCP
description: |-
protocol is the protocol of the ingress port.
The supported values are: "TCP", "UDP", "SCTP"
type: string
required:
+ - error
- port
- protocol
type: object
@@ -7552,18 +7523,8 @@ spec:
conditions:
description: Current service state
items:
- description: "Condition contains details for one aspect
- of the current state of this API Resource.\n---\nThis
- struct is intended for direct use as an array at the field
- path .status.conditions. For example,\n\n\n\ttype FooStatus
- struct{\n\t // Represents the observations of a foo's
- current state.\n\t // Known .status.conditions.type
- are: \"Available\", \"Progressing\", and \"Degraded\"\n\t
- \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t
- \ // +listType=map\n\t // +listMapKey=type\n\t Conditions
- []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
- patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
- \ // other fields\n\t}"
+ description: Condition contains details for one aspect of
+ the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -7605,12 +7566,7 @@ spec:
- Unknown
type: string
type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- ---
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
- useful (see .node.status.conditions), the ability to deconflict is important.
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -7672,8 +7628,6 @@ spec:
CamelCase names
- cloud provider specific error values must have names that comply with the
format foo.example.com/CamelCase.
- ---
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -7684,12 +7638,12 @@ spec:
format: int32
type: integer
protocol:
- default: TCP
description: |-
Protocol is the protocol of the service port of which status is recorded here
The supported values are: "TCP", "UDP", "SCTP"
type: string
required:
+ - error
- port
- protocol
type: object
diff --git a/config/install.yaml b/config/install.yaml
index 9fa71642..2993e22f 100644
--- a/config/install.yaml
+++ b/config/install.yaml
@@ -11,7 +11,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: kamaji-system/kamaji-serving-cert
- controller-gen.kubebuilder.io/version: v0.14.0
+ controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: kamaji-core
name: datastores.kamaji.clastix.io
@@ -292,7 +292,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: kamaji-system/kamaji-serving-cert
- controller-gen.kubebuilder.io/version: v0.14.0
+ controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: kamaji-core
name: tenantcontrolplanes.kamaji.clastix.io
@@ -489,11 +489,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@@ -504,6 +502,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -640,9 +644,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the ConfigMap or its key must be defined
@@ -701,9 +703,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the Secret or its key must be defined
@@ -741,9 +741,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the ConfigMap must be defined
@@ -763,9 +761,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the Secret must be defined
@@ -1039,11 +1035,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -1245,11 +1241,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -1392,11 +1388,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@@ -1407,6 +1401,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -1528,7 +1528,7 @@ spec:
procMount:
description: |-
procMount denotes the type of proc mount to use for the containers.
- The default is DefaultProcMount which uses the container runtime defaults for
+ The default value is Default which uses the container runtime defaults for
readonly paths and masked paths.
This requires the ProcMountType feature flag to be enabled.
Note that this field cannot be set when spec.os.name is windows.
@@ -1606,7 +1606,6 @@ spec:
type indicates which kind of seccomp profile will be applied.
Valid options are:
-
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
@@ -1685,11 +1684,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -1894,10 +1893,8 @@ spec:
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
-
If ReadOnly is false, this field has no meaning and must be unspecified.
-
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
@@ -1905,11 +1902,9 @@ spec:
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
-
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
-
If this field is not specified, it is treated as an equivalent of Disabled.
type: string
subPath:
@@ -2014,9 +2009,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the ConfigMap or its key must be defined
@@ -2075,9 +2068,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the Secret or its key must be defined
@@ -2115,9 +2106,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the ConfigMap must be defined
@@ -2137,9 +2126,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: Specify whether the Secret must be defined
@@ -2413,11 +2400,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -2619,11 +2606,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -2766,11 +2753,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@@ -2781,6 +2766,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -2902,7 +2893,7 @@ spec:
procMount:
description: |-
procMount denotes the type of proc mount to use for the containers.
- The default is DefaultProcMount which uses the container runtime defaults for
+ The default value is Default which uses the container runtime defaults for
readonly paths and masked paths.
This requires the ProcMountType feature flag to be enabled.
Note that this field cannot be set when spec.os.name is windows.
@@ -2980,7 +2971,6 @@ spec:
type indicates which kind of seccomp profile will be applied.
Valid options are:
-
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
@@ -3059,11 +3049,11 @@ spec:
format: int32
type: integer
service:
+ default: ""
description: |-
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
type: string
required:
@@ -3268,10 +3258,8 @@ spec:
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
-
If ReadOnly is false, this field has no meaning and must be unspecified.
-
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
@@ -3279,11 +3267,9 @@ spec:
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
-
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
-
If this field is not specified, it is treated as an equivalent of Disabled.
type: string
subPath:
@@ -3365,10 +3351,8 @@ spec:
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
-
If ReadOnly is false, this field has no meaning and must be unspecified.
-
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
@@ -3376,11 +3360,9 @@ spec:
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
-
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
-
If this field is not specified, it is treated as an equivalent of Disabled.
type: string
subPath:
@@ -3431,10 +3413,8 @@ spec:
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
-
If ReadOnly is false, this field has no meaning and must be unspecified.
-
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
@@ -3442,11 +3422,9 @@ spec:
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
-
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
-
If this field is not specified, it is treated as an equivalent of Disabled.
type: string
subPath:
@@ -3497,10 +3475,8 @@ spec:
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
-
If ReadOnly is false, this field has no meaning and must be unspecified.
-
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
@@ -3508,11 +3484,9 @@ spec:
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
-
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
-
If this field is not specified, it is treated as an equivalent of Disabled.
type: string
subPath:
@@ -3550,7 +3524,6 @@ spec:
Tip: Ensure that the filesystem type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem from compromising the machine
type: string
partition:
description: |-
@@ -3586,6 +3559,7 @@ spec:
description: diskURI is the URI of data disk in the blob storage
type: string
fsType:
+ default: ext4
description: |-
fsType is Filesystem type to mount.
Must be a filesystem type supported by the host operating system.
@@ -3595,6 +3569,7 @@ spec:
description: 'kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared'
type: string
readOnly:
+ default: false
description: |-
readOnly Defaults to false (read/write). ReadOnly here will force
the ReadOnly setting in VolumeMounts.
@@ -3658,9 +3633,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@@ -3702,9 +3675,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@@ -3775,9 +3746,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: optional specify whether the ConfigMap or its keys must be defined
@@ -3813,9 +3782,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@@ -3940,7 +3907,6 @@ spec:
The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
and deleted when the pod is removed.
-
Use this if:
a) the volume is only needed while the pod runs,
b) features of normal volumes like restoring from snapshot or capacity
@@ -3951,17 +3917,14 @@ spec:
information on the connection between this volume type
and PersistentVolumeClaim).
-
Use PersistentVolumeClaim or one of the vendor-specific
APIs for volumes that persist for longer than the lifecycle
of an individual pod.
-
Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
be used that way - see the documentation of the driver for
more information.
-
A pod can use both types of ephemeral volumes and
persistent volumes at the same time.
properties:
@@ -3975,7 +3938,6 @@ spec:
entry. Pod validation will reject the pod if the concatenated name
is not valid for a PVC (for example, too long).
-
An existing PVC with that name that is not owned by the pod
will *not* be used for the pod to avoid using an unrelated
volume by mistake. Starting the pod is then blocked until
@@ -3985,11 +3947,9 @@ spec:
this should not be necessary, but it may be useful when
manually reconstructing a broken cluster.
-
This field is read-only and no changes will be made by Kubernetes
to the PVC after it has been created.
-
Required, must not be nil.
properties:
metadata:
@@ -4184,7 +4144,7 @@ spec:
set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
exists.
More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
- (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
type: string
volumeMode:
description: |-
@@ -4207,7 +4167,6 @@ spec:
fsType is the filesystem type to mount.
Must be a filesystem type supported by the host operating system.
Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- TODO: how do we prevent errors in the filesystem from compromising the machine
type: string
lun:
description: 'lun is Optional: FC target lun number'
@@ -4272,9 +4231,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@@ -4305,7 +4262,6 @@ spec:
Tip: Ensure that the filesystem type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem from compromising the machine
type: string
partition:
description: |-
@@ -4385,9 +4341,6 @@ spec:
used for system agents or other privileged things that are allowed
to see the host machine. Most containers will NOT need this.
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- ---
- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
- mount host directories as read/write.
properties:
path:
description: |-
@@ -4404,6 +4357,41 @@ spec:
required:
- path
type: object
+ image:
+ description: |-
+ image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.
+ The volume is resolved at pod startup depending on which PullPolicy value is provided:
+
+ - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+ - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+ - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+
+ The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.
+ A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
+ The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
+ The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
+ The volume will be mounted read-only (ro) and non-executable files (noexec).
+ Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).
+ The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
+ properties:
+ pullPolicy:
+ description: |-
+ Policy for pulling OCI objects. Possible values are:
+ Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+ Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+ IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ type: string
+ reference:
+ description: |-
+ Required: Image or artifact reference to be used.
+ Behaves in the same way as pod.spec.containers[*].image.
+ Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ type: object
iscsi:
description: |-
iscsi represents an ISCSI Disk resource that is attached to a
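Review bot: The new `image` volume source accepts `reference` as an unconstrained string, so a mutable tag can be used, and per the description the content is re-resolved each time the pod is recreated. That lets whatever is mounted from the registry change across restarts without any change to the TenantControlPlane object. The parent path of this volumes list is outside the hunk, so which pods receive the mount should be confirmed. The schema is generated from the upstream types, so I would add a line to the chart documentation asking for digest-pinned references, e.g. `reference: <registry>/<repository>@sha256:<digest>`. If Kamaji does not intend to support this source, it could be rejected by an admission policy on the management cluster. Upstream gates this volume type behind the `ImageVolume` feature gate, which is worth stating next to the field.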
@@ -4422,7 +4410,6 @@ spec:
Tip: Ensure that the filesystem type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem from compromising the machine
type: string
initiatorName:
description: |-
@@ -4434,6 +4421,7 @@ spec:
description: iqn is the target iSCSI Qualified Name.
type: string
iscsiInterface:
+ default: default
description: |-
iscsiInterface is the interface Name that uses an iSCSI transport.
Defaults to 'default' (tcp).
@@ -4465,9 +4453,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@@ -4580,23 +4566,24 @@ spec:
format: int32
type: integer
sources:
- description: sources is the list of volume projections
+ description: |-
+ sources is the list of volume projections. Each entry in this list
+ handles one source.
items:
- description: Projection that may be projected along with other supported volume types
+ description: |-
+ Projection that may be projected along with other supported volume types.
+ Exactly one of these fields must be set.
properties:
clusterTrustBundle:
description: |-
ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
of ClusterTrustBundle objects in an auto-updating file.
-
Alpha, gated by the ClusterTrustBundleProjection feature gate.
-
ClusterTrustBundle objects can either be selected by name, or by the
combination of signer name and a label selector.
-
Kubelet performs aggressive normalization of the PEM contents written
into the pod filesystem. Esoteric PEM features such as inter-block
comments and block headers are stripped. Certificates are deduplicated.
@@ -4724,9 +4711,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: optional specify whether the ConfigMap or its keys must be defined
@@ -4843,9 +4828,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: optional field specify whether the Secret or its key must be defined
@@ -4931,7 +4914,6 @@ spec:
Tip: Ensure that the filesystem type is supported by the host operating system.
Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem from compromising the machine
type: string
image:
description: |-
@@ -4939,6 +4921,7 @@ spec:
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
type: string
keyring:
+ default: /etc/ceph/keyring
description: |-
keyring is the path to key ring for RBDUser.
Default is /etc/ceph/keyring.
@@ -4953,6 +4936,7 @@ spec:
type: array
x-kubernetes-list-type: atomic
pool:
+ default: rbd
description: |-
pool is the rados pool name.
Default is rbd.
@@ -4978,13 +4962,12 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
user:
+ default: admin
description: |-
user is the rados user name.
Default is admin.
@@ -4998,6 +4981,7 @@ spec:
description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
properties:
fsType:
+ default: xfs
description: |-
fsType is the filesystem type to mount.
Must be a filesystem type supported by the host operating system.
@@ -5027,9 +5011,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@@ -5037,6 +5019,7 @@ spec:
description: sslEnabled Flag enable/disable SSL communication with Gateway, default false
type: boolean
storageMode:
+ default: ThinProvisioned
description: |-
storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
Default is ThinProvisioned.
@@ -5146,9 +5129,7 @@ spec:
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
- TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@@ -5460,7 +5441,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5475,7 +5456,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5636,7 +5617,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5651,7 +5632,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5805,7 +5786,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5820,7 +5801,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5981,7 +5962,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5996,7 +5977,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
- This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -6165,11 +6146,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@@ -6180,6 +6159,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -6220,11 +6205,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@@ -6235,6 +6218,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -6277,11 +6266,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@@ -6292,6 +6279,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -6332,11 +6325,9 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
-
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
-
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@@ -6347,6 +6338,12 @@ spec:
the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
required:
- name
type: object
@@ -6406,9 +6403,6 @@ spec:
description: |-
Rolling update config params. Present only if DeploymentStrategyType =
RollingUpdate.
- ---
- TODO: Update this to follow our convention for oneOf, whatever we decide it
- to be.
properties:
maxSurge:
anyOf:
@@ -6556,7 +6550,6 @@ spec:
Keys that don't exist in the incoming pod labels will
be ignored. A null or empty list means only match against labelSelector.
-
This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
items:
type: string
@@ -6596,7 +6589,6 @@ spec:
Valid values are integers greater than 0.
When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
-
For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
labelSelector spread as 2/2/2:
| zone1 | zone2 | zone3 |
@@ -6614,7 +6606,6 @@ spec:
- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
-
If this value is nil, the behavior is equivalent to the Honor policy.
This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
type: string
@@ -6626,7 +6617,6 @@ spec:
has a toleration, are included.
- Ignore: node taints are ignored. All nodes are included.
-
If this value is nil, the behavior is equivalent to the Ignore policy.
This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
type: string
@@ -6964,7 +6954,7 @@ spec:
conditions:
description: Current service state
items:
- description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}"
+ description: Condition contains details for one aspect of the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -7005,12 +6995,7 @@ spec:
- Unknown
type: string
type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- ---
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
- useful (see .node.status.conditions), the ability to deconflict is important.
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -7072,8 +7057,6 @@ spec:
CamelCase names
- cloud provider specific error values must have names that comply with the
format foo.example.com/CamelCase.
- ---
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -7082,12 +7065,12 @@ spec:
format: int32
type: integer
protocol:
- default: TCP
description: |-
Protocol is the protocol of the service port of which status is recorded here
The supported values are: "TCP", "UDP", "SCTP"
type: string
required:
+ - error
- port
- protocol
type: object
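Review bot: The regenerated schema adds `error` to the `required` list of the port-status items and drops `default: TCP` from `protocol`, which tightens validation rather than only refreshing descriptions. The field is described as recording a problem with the service port, so an entry for a healthy port presumably has no `error` and would now be rejected when the status is written; the same change repeats in the hunks at -7423 and -7572. Because this file looks like controller-gen output, the fix belongs in the generator input or a post-generation patch that leaves the list as `- port` and `- protocol`, not in a hand edit here. It is worth confirming against a Service whose load balancer reports port status before this ships.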
@@ -7413,8 +7396,6 @@ spec:
CamelCase names
- cloud provider specific error values must have names that comply with the
format foo.example.com/CamelCase.
- ---
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -7423,12 +7404,12 @@ spec:
format: int32
type: integer
protocol:
- default: TCP
description: |-
protocol is the protocol of the ingress port.
The supported values are: "TCP", "UDP", "SCTP"
type: string
required:
+ - error
- port
- protocol
type: object
@@ -7454,7 +7435,7 @@ spec:
conditions:
description: Current service state
items:
- description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}"
+ description: Condition contains details for one aspect of the current state of this API Resource.
properties:
lastTransitionTime:
description: |-
@@ -7495,12 +7476,7 @@ spec:
- Unknown
type: string
type:
- description: |-
- type of condition in CamelCase or in foo.example.com/CamelCase.
- ---
- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
- useful (see .node.status.conditions), the ability to deconflict is important.
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -7562,8 +7538,6 @@ spec:
CamelCase names
- cloud provider specific error values must have names that comply with the
format foo.example.com/CamelCase.
- ---
- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -7572,12 +7546,12 @@ spec:
format: int32
type: integer
protocol:
- default: TCP
description: |-
Protocol is the protocol of the service port of which status is recorded here
The supported values are: "TCP", "UDP", "SCTP"
type: string
required:
+ - error
- port
- protocol
type: object
@@ -7750,29 +7724,7 @@ rules:
- ""
resources:
- configmaps
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- secrets
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- services
verbs:
- create
@@ -7786,6 +7738,7 @@ rules:
- kamaji.clastix.io
resources:
- datastores
+ - tenantcontrolplanes
verbs:
- create
- delete
@@ -7798,36 +7751,17 @@ rules:
- kamaji.clastix.io
resources:
- datastores/status
+ - tenantcontrolplanes/status
verbs:
- get
- patch
- update
-- apiGroups:
- - kamaji.clastix.io
- resources:
- - tenantcontrolplanes
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
- apiGroups:
- kamaji.clastix.io
resources:
- tenantcontrolplanes/finalizers
verbs:
- update
-- apiGroups:
- - kamaji.clastix.io
- resources:
- - tenantcontrolplanes/status
- verbs:
- - get
- - patch
- - update
- apiGroups:
- networking.k8s.io
resources:
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 6ae2f0ee..9f4aeb27 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -30,29 +30,7 @@ rules:
- ""
resources:
- configmaps
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- secrets
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- services
verbs:
- create
@@ -66,6 +44,7 @@ rules:
- kamaji.clastix.io
resources:
- datastores
+ - tenantcontrolplanes
verbs:
- create
- delete
@@ -78,36 +57,17 @@ rules:
- kamaji.clastix.io
resources:
- datastores/status
+ - tenantcontrolplanes/status
verbs:
- get
- patch
- update
-- apiGroups:
- - kamaji.clastix.io
- resources:
- - tenantcontrolplanes
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
- apiGroups:
- kamaji.clastix.io
resources:
- tenantcontrolplanes/finalizers
verbs:
- update
-- apiGroups:
- - kamaji.clastix.io
- resources:
- - tenantcontrolplanes/status
- verbs:
- - get
- - patch
- - update
- apiGroups:
- networking.k8s.io
resources:
diff --git a/controllers/datastore_controller.go b/controllers/datastore_controller.go
index 4790ab2f..835ffb5d 100644
--- a/controllers/datastore_controller.go
+++ b/controllers/datastore_controller.go
@@ -83,7 +83,7 @@ func (r *DataStore) Reconcile(ctx context.Context, request reconcile.Request) (r
}
func (r *DataStore) SetupWithManager(mgr controllerruntime.Manager) error {
- enqueueFn := func(tcp *kamajiv1alpha1.TenantControlPlane, limitingInterface workqueue.RateLimitingInterface) {
+ enqueueFn := func(tcp *kamajiv1alpha1.TenantControlPlane, limitingInterface workqueue.TypedRateLimitingInterface[reconcile.Request]) {
if dataStoreName := tcp.Status.Storage.DataStoreName; len(dataStoreName) > 0 {
limitingInterface.AddRateLimited(reconcile.Request{
NamespacedName: k8stypes.NamespacedName{
@@ -98,15 +98,15 @@ func (r *DataStore) SetupWithManager(mgr controllerruntime.Manager) error {
predicate.ResourceVersionChangedPredicate{},
)).
Watches(&kamajiv1alpha1.TenantControlPlane{}, handler.Funcs{
- CreateFunc: func(_ context.Context, createEvent event.CreateEvent, limitingInterface workqueue.RateLimitingInterface) {
- enqueueFn(createEvent.Object.(*kamajiv1alpha1.TenantControlPlane), limitingInterface)
+ CreateFunc: func(_ context.Context, createEvent event.TypedCreateEvent[client.Object], w workqueue.TypedRateLimitingInterface[reconcile.Request]) {
+ enqueueFn(createEvent.Object.(*kamajiv1alpha1.TenantControlPlane), w)
},
- UpdateFunc: func(_ context.Context, updateEvent event.UpdateEvent, limitingInterface workqueue.RateLimitingInterface) {
- enqueueFn(updateEvent.ObjectOld.(*kamajiv1alpha1.TenantControlPlane), limitingInterface)
- enqueueFn(updateEvent.ObjectNew.(*kamajiv1alpha1.TenantControlPlane), limitingInterface)
+ UpdateFunc: func(ctx context.Context, updateEvent event.TypedUpdateEvent[client.Object], w workqueue.TypedRateLimitingInterface[reconcile.Request]) {
+ enqueueFn(updateEvent.ObjectOld.(*kamajiv1alpha1.TenantControlPlane), w)
+ enqueueFn(updateEvent.ObjectNew.(*kamajiv1alpha1.TenantControlPlane), w)
},
- DeleteFunc: func(_ context.Context, deleteEvent event.DeleteEvent, limitingInterface workqueue.RateLimitingInterface) {
- enqueueFn(deleteEvent.Object.(*kamajiv1alpha1.TenantControlPlane), limitingInterface)
+ DeleteFunc: func(_ context.Context, deleteEvent event.TypedDeleteEvent[client.Object], w workqueue.TypedRateLimitingInterface[reconcile.Request]) {
+ enqueueFn(deleteEvent.Object.(*kamajiv1alpha1.TenantControlPlane), w)
},
}).
Complete(r)
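Review bot: The three callbacks in `handler.Funcs` keep unchecked assertions such as `createEvent.Object.(*kamajiv1alpha1.TenantControlPlane)`, which panic inside the event handler if an object of another type is ever delivered. With the events now typed as `client.Object`, a checked form costs little: `tcp, ok := createEvent.Object.(*kamajiv1alpha1.TenantControlPlane)` followed by `if !ok { return }`, or do that once inside `enqueueFn` by letting it accept `client.Object`. `UpdateFunc` also names its first parameter `ctx` without using it, while `CreateFunc` and `DeleteFunc` use `_`. `SetupWithManager` starts before this hunk and its closing brace is outside it.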
diff --git a/controllers/soot/controllers/coredns.go b/controllers/soot/controllers/coredns.go
index 8d86248d..d75dd3e4 100644
--- a/controllers/soot/controllers/coredns.go
+++ b/controllers/soot/controllers/coredns.go
@@ -10,9 +10,11 @@ import (
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
+ "k8s.io/utils/ptr"
controllerruntime "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/builder"
"sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/controller"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
"sigs.k8s.io/controller-runtime/pkg/event"
"sigs.k8s.io/controller-runtime/pkg/handler"
@@ -76,6 +78,7 @@ func (c *CoreDNS) SetupWithManager(mgr manager.Manager) error {
c.TriggerChannel = make(chan event.GenericEvent)
return controllerruntime.NewControllerManagedBy(mgr).
+ WithOptions(controller.TypedOptions[reconcile.Request]{SkipNameValidation: ptr.To(true)}).
For(&rbacv1.ClusterRoleBinding{}, builder.WithPredicates(predicate.NewPredicateFuncs(func(object client.Object) bool {
return object.GetName() == kubeadm.CoreDNSClusterRoleBindingName
}))).
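Review bot: `SkipNameValidation: ptr.To(true)` is added to the builder with no comment explaining why controller-runtime's unique-name check is being turned off. Presumably one set of these controllers is built per tenant control plane and the names repeat by design, but that is not visible here, and with the check off any metrics or logs keyed by controller name are shared across instances. A line above the call such as `// Soot controllers are instantiated once per tenant, so names repeat by design; skip the uniqueness check.` would record the intent, or `.Named(...)` with a per-tenant name would keep validation on. The same option is added without explanation in konnectivity.go, kubeadm_phase.go, kubeproxy.go, migrate.go and manager.go; for manager.go it is worth checking whether it is needed at all.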
diff --git a/controllers/soot/controllers/konnectivity.go b/controllers/soot/controllers/konnectivity.go
index 30e5b186..9acc3924 100644
--- a/controllers/soot/controllers/konnectivity.go
+++ b/controllers/soot/controllers/konnectivity.go
@@ -11,9 +11,11 @@ import (
corev1 "k8s.io/api/core/v1"
v1 "k8s.io/api/rbac/v1"
"k8s.io/apimachinery/pkg/types"
+ "k8s.io/utils/ptr"
controllerruntime "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/builder"
"sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/controller"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
"sigs.k8s.io/controller-runtime/pkg/event"
"sigs.k8s.io/controller-runtime/pkg/handler"
@@ -77,6 +79,7 @@ func (k *KonnectivityAgent) SetupWithManager(mgr manager.Manager) error {
k.TriggerChannel = make(chan event.GenericEvent)
return controllerruntime.NewControllerManagedBy(mgr).
+ WithOptions(controller.TypedOptions[reconcile.Request]{SkipNameValidation: ptr.To(true)}).
For(&appsv1.DaemonSet{}, builder.WithPredicates(predicate.NewPredicateFuncs(func(object client.Object) bool {
return object.GetName() == konnectivity.AgentName && object.GetNamespace() == konnectivity.AgentNamespace
}))).
diff --git a/controllers/soot/controllers/kubeadm_phase.go b/controllers/soot/controllers/kubeadm_phase.go
index 9e534275..ad50cc9e 100644
--- a/controllers/soot/controllers/kubeadm_phase.go
+++ b/controllers/soot/controllers/kubeadm_phase.go
@@ -7,8 +7,10 @@ import (
"context"
"github.com/go-logr/logr"
+ "k8s.io/utils/ptr"
controllerruntime "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/builder"
+ "sigs.k8s.io/controller-runtime/pkg/controller"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
"sigs.k8s.io/controller-runtime/pkg/event"
"sigs.k8s.io/controller-runtime/pkg/handler"
@@ -66,6 +68,7 @@ func (k *KubeadmPhase) SetupWithManager(mgr manager.Manager) error {
k.TriggerChannel = make(chan event.GenericEvent)
return controllerruntime.NewControllerManagedBy(mgr).
+ WithOptions(controller.TypedOptions[reconcile.Request]{SkipNameValidation: ptr.To(true)}).
For(k.Phase.GetWatchedObject(), builder.WithPredicates(predicate.NewPredicateFuncs(k.Phase.GetPredicateFunc()))).
WatchesRawSource(source.Channel(k.TriggerChannel, &handler.EnqueueRequestForObject{})).
Complete(k)
diff --git a/controllers/soot/controllers/kubeproxy.go b/controllers/soot/controllers/kubeproxy.go
index 901b4526..4937e376 100644
--- a/controllers/soot/controllers/kubeproxy.go
+++ b/controllers/soot/controllers/kubeproxy.go
@@ -10,9 +10,11 @@ import (
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
+ "k8s.io/utils/ptr"
controllerruntime "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/builder"
"sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/controller"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
"sigs.k8s.io/controller-runtime/pkg/event"
"sigs.k8s.io/controller-runtime/pkg/handler"
@@ -76,6 +78,7 @@ func (k *KubeProxy) SetupWithManager(mgr manager.Manager) error {
k.TriggerChannel = make(chan event.GenericEvent)
return controllerruntime.NewControllerManagedBy(mgr).
+ WithOptions(controller.TypedOptions[reconcile.Request]{SkipNameValidation: ptr.To(true)}).
For(&rbacv1.ClusterRoleBinding{}, builder.WithPredicates(predicate.NewPredicateFuncs(func(object client.Object) bool {
return object.GetName() == kubeadm.KubeProxyClusterRoleBindingName
}))).
diff --git a/controllers/soot/controllers/migrate.go b/controllers/soot/controllers/migrate.go
index cc4ddbe1..47669126 100644
--- a/controllers/soot/controllers/migrate.go
+++ b/controllers/soot/controllers/migrate.go
@@ -15,6 +15,7 @@ import (
controllerruntime "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/builder"
"sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/controller"
"sigs.k8s.io/controller-runtime/pkg/event"
"sigs.k8s.io/controller-runtime/pkg/handler"
"sigs.k8s.io/controller-runtime/pkg/manager"
@@ -182,6 +183,7 @@ func (m *Migrate) SetupWithManager(mgr manager.Manager) error {
m.TriggerChannel = make(chan event.GenericEvent)
return controllerruntime.NewControllerManagedBy(mgr).
+ WithOptions(controller.TypedOptions[reconcile.Request]{SkipNameValidation: pointer.To(true)}).
For(&admissionregistrationv1.ValidatingWebhookConfiguration{}, builder.WithPredicates(predicate.NewPredicateFuncs(func(object client.Object) bool {
vwc := m.object()
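Review bot: This call is written `pointer.To(true)` while every other file in the commit uses `ptr.To(true)` with a newly added `"k8s.io/utils/ptr"` import. The import hunk for this file adds only `controller`, so `pointer` is presumably an existing alias for the same package; if it is not, this line will not compile. Using one spelling across the package, `SkipNameValidation: ptr.To(true)`, with the import adjusted to match, would keep the six call sites greppable as a group. The predicate closure continues past the end of this hunk.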
diff --git a/controllers/soot/manager.go b/controllers/soot/manager.go
index 753e5a12..971e4bae 100644
--- a/controllers/soot/manager.go
+++ b/controllers/soot/manager.go
@@ -10,9 +10,11 @@ import (
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/client-go/rest"
"k8s.io/client-go/util/retry"
+ "k8s.io/utils/ptr"
controllerruntime "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/builder"
"sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/controller"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
"sigs.k8s.io/controller-runtime/pkg/event"
"sigs.k8s.io/controller-runtime/pkg/handler"
@@ -302,6 +304,7 @@ func (m *Manager) SetupWithManager(mgr manager.Manager) error {
m.sootMap = make(map[string]sootItem)
return controllerruntime.NewControllerManagedBy(mgr).
+ WithOptions(controller.TypedOptions[reconcile.Request]{SkipNameValidation: ptr.To(true)}).
WatchesRawSource(source.Channel(m.sootManagerErrChan, &handler.EnqueueRequestForObject{})).
For(&kamajiv1alpha1.TenantControlPlane{}, builder.WithPredicates(predicate.NewPredicateFuncs(func(object client.Object) bool {
obj := object.(*kamajiv1alpha1.TenantControlPlane) //nolint:forcetypeassert
diff --git a/controllers/tenantcontrolplane_controller.go b/controllers/tenantcontrolplane_controller.go
index c0323c19..72dd1411 100644
--- a/controllers/tenantcontrolplane_controller.go
+++ b/controllers/tenantcontrolplane_controller.go
@@ -227,16 +227,16 @@ func (r *TenantControlPlaneReconciler) SetupWithManager(mgr ctrl.Manager) error
r.clock = clock.RealClock{}
return ctrl.NewControllerManagedBy(mgr).
- WatchesRawSource(source.Channel(r.CertificateChan, handler.Funcs{GenericFunc: func(_ context.Context, genericEvent event.GenericEvent, limitingInterface workqueue.RateLimitingInterface) {
- limitingInterface.AddRateLimited(ctrl.Request{
+ WatchesRawSource(source.Channel(r.CertificateChan, handler.Funcs{GenericFunc: func(_ context.Context, genericEvent event.TypedGenericEvent[client.Object], w workqueue.TypedRateLimitingInterface[reconcile.Request]) {
+ w.AddRateLimited(ctrl.Request{
NamespacedName: k8stypes.NamespacedName{
Namespace: genericEvent.Object.GetNamespace(),
Name: genericEvent.Object.GetName(),
},
})
}})).
- WatchesRawSource(source.Channel(r.TriggerChan, handler.Funcs{GenericFunc: func(_ context.Context, genericEvent event.GenericEvent, limitingInterface workqueue.RateLimitingInterface) {
- limitingInterface.AddRateLimited(ctrl.Request{
+ WatchesRawSource(source.Channel(r.TriggerChan, handler.Funcs{GenericFunc: func(_ context.Context, genericEvent event.TypedGenericEvent[client.Object], w workqueue.TypedRateLimitingInterface[reconcile.Request]) {
+ w.AddRateLimited(ctrl.Request{
NamespacedName: k8stypes.NamespacedName{
Namespace: genericEvent.Object.GetNamespace(),
Name: genericEvent.Object.GetName(),
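Review bot: The two `GenericFunc` closures passed to `source.Channel` for `r.CertificateChan` and `r.TriggerChan` are identical on the new side, so the handler can be defined once and reused. Something like `enqueue := handler.Funcs{GenericFunc: ...}` above the builder chain, then `WatchesRawSource(source.Channel(r.CertificateChan, enqueue))` and the same for `r.TriggerChan`, removes the duplicated signature that this commit had to edit twice. The closure parameter is typed with `reconcile.Request` while the body builds a `ctrl.Request`; using one name for it would read more clearly. The second closure and the rest of `SetupWithManager` run past the end of the hunk.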
diff --git a/docs/content/reference/api.md b/docs/content/reference/api.md
index ca9daf40..4cc35913 100644
--- a/docs/content/reference/api.md
+++ b/docs/content/reference/api.md
@@ -1532,9 +1532,7 @@ Selects a key of a ConfigMap.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
-More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Default:
@@ -1655,9 +1653,7 @@ Selects a key of a secret in the pod's namespace
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
-More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Default:
@@ -1736,9 +1732,7 @@ The ConfigMap to select from
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
-More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Default:
@@ -1777,9 +1771,7 @@ The Secret to select from
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
-TODO: Add other useful fields. apiVersion, kind, uid?
-More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Default:
@@ -2503,8 +2495,9 @@ GRPC specifies an action involving a GRPC port.
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
If this is not specified, the default behavior is defined by gRPC.
+
+ Default:
false | ||||||||||||
fsType is the filesystem type to mount.
Must be a filesystem type supported by the host operating system.
-Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
-TODO: how do we prevent errors in the filesystem from compromising the machine +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. |
false | |||||||||||
false | ||||||||||||
Name | +Type | +Description | +Required | +
---|---|---|---|
pullPolicy | +string | +
+ Policy for pulling OCI objects. Possible values are:
+Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + |
+ false | +
reference | +string | +
+ Required: Image or artifact reference to be used.
+Behaves in the same way as pod.spec.containers[*].image.
+Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.
+More info: https://kubernetes.io/docs/concepts/containers/images
+This field is optional to allow higher level config management to default or override
+container images in workload controllers like Deployments and StatefulSets. + |
+ false | +
false | |||
false | |||
false | |||
false | false | ||
storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
Default is ThinProvisioned. + + Default: ThinProvisioned |
false | ||
false | |||
false | |||
false | |||
false | |||
false | |||
false | |||
false | |||
false | |||
false | @@ -12600,6 +12620,15 @@ the Pod where this field is used. It makes that resource available inside a container.true | +||
request | +string | +
+ Request is the name chosen for a request in the referenced claim.
+If empty, everything from the claim is made available, otherwise
+only the result of this request. + |
+ false |
false | @@ -13126,7 +13169,6 @@ If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -13148,7 +13190,6 @@ when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.false | @@ -13787,6 +13825,15 @@ the Pod where this field is used. It makes that resource available inside a container.true | +|
request | +string | +
+ Request is the name chosen for a request in the referenced claim.
+If empty, everything from the claim is made available, otherwise
+only the result of this request. + |
+ false |
type | string |
- type of condition in CamelCase or in foo.example.com/CamelCase.
----
-Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-useful (see .node.status.conditions), the ability to deconflict is important.
-The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type of condition in CamelCase or in foo.example.com/CamelCase. |
true | |
error | +string | +
+ Error is to record the problem with the service port
+The format of the error shall comply with the following rules:
+- built-in error values shall be specified in this file and those shall use
+ CamelCase names
+- cloud provider specific error values must have names that comply with the
+ format foo.example.com/CamelCase. + |
+ true | +|
port | integer |
@@ -14643,24 +14682,8 @@ If used, every port defined in the service should have an entry in it |
Protocol is the protocol of the service port of which status is recorded here
The supported values are: "TCP", "UDP", "SCTP" - - Default: TCP |
true | -
error | -string | -
- Error is to record the problem with the service port
-The format of the error shall comply with the following rules:
-- built-in error values shall be specified in this file and those shall use
- CamelCase names
-- cloud provider specific error values must have names that comply with the
- format foo.example.com/CamelCase.
----
-The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - |
- false |
type | string |
- type of condition in CamelCase or in foo.example.com/CamelCase.
----
-Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-useful (see .node.status.conditions), the ability to deconflict is important.
-The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type of condition in CamelCase or in foo.example.com/CamelCase. |
true | |
error | +string | +
+ Error is to record the problem with the service port
+The format of the error shall comply with the following rules:
+- built-in error values shall be specified in this file and those shall use
+ CamelCase names
+- cloud provider specific error values must have names that comply with the
+ format foo.example.com/CamelCase. + |
+ true | +|
port | integer |
@@ -16067,24 +16078,8 @@ If used, every port defined in the service should have an entry in it |
Protocol is the protocol of the service port of which status is recorded here
The supported values are: "TCP", "UDP", "SCTP" - - Default: TCP |
true | -
error | -string | -
- Error is to record the problem with the service port
-The format of the error shall comply with the following rules:
-- built-in error values shall be specified in this file and those shall use
- CamelCase names
-- cloud provider specific error values must have names that comply with the
- format foo.example.com/CamelCase.
----
-The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - |
- false |